Resource Type: AWS > IAM > Credential Report

Resource Context

Credential Report is a part of the IAM service.

Each Credential Report lives under an Account.

Controls

The primary controls for AWS > IAM > Credential Report are:

• CMDB
• Discovery

It is also targeted by these controls:

• AWS > CIS v1 > 1 Identity and Access Management > 1.01 Avoid the use of the "root" account (Scored)
• AWS > CIS v1 > 1 Identity and Access Management > 1.02 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password (Scored)
• AWS > CIS v1 > 1 Identity and Access Management > 1.03 Ensure credentials unused for 90 days or greater are disabled (Scored)
• AWS > CIS v1 > 1 Identity and Access Management > 1.04 Ensure access keys are rotated every 90 days or less (Scored)
• AWS > CIS v1 > 1 Identity and Access Management > 1.12 Ensure no root account access key exists (Scored)
• AWS > CIS v1 > 1 Identity and Access Management > 1.21 Do not setup access keys during initial user setup for all IAM users that have a console password (Not Scored)
• AWS > CIS v1.4 > 1 - Identity and Access Management > 1.04 - Ensure no 'root' user account access key exists (Automated)
• AWS > CIS v1.4 > 1 - Identity and Access Management > 1.07 - Eliminate use of the 'root' user for administrative and daily tasks (Automated)
• AWS > CIS v1.4 > 1 - Identity and Access Management > 1.10 - Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password (Automated)
• AWS > CIS v1.4 > 1 - Identity and Access Management > 1.11 - Do not setup access keys during initial user setup for all IAM users that have a console password (Manual)
• AWS > CIS v1.4 > 1 - Identity and Access Management > 1.12 - Ensure credentials unused for 45 days or greater are disabled (Automated)
• AWS > CIS v1.4 > 1 - Identity and Access Management > 1.13 - Ensure there is only one active access key available for any single IAM user (Automated)
• AWS > CIS v1.4 > 1 - Identity and Access Management > 1.14 - Ensure access keys are rotated every 90 days or less (Automated)
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.04 - Ensure no 'root' user account access key exists
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.07 - Eliminate use of the 'root' user for administrative and daily tasks
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.10 - Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.11 - Do not setup access keys during initial user setup for all IAM users that have a console password
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.12 - Ensure credentials unused for 45 days or greater are disabled
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.13 - Ensure there is only one active access key available for any single IAM user
• AWS > CIS v2.0 > 1 - Identity and Access Management > 1.14 - Ensure access keys are rotated every 90 days or less
• AWS > CIS v3.0 > 1 - Identity and Access Management > 1.04 - Ensure no 'root' user account access key exists
• AWS > CIS v3.0 > 1 - Identity and Access Management > 1.07 - Eliminate use of the 'root' user for administrative and daily tasks
• AWS > CIS v3.0 > 1 - Identity and Access Management > 1.10 - Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
• AWS > CIS v3.0 > 1 - Identity and Access Management > 1.11 - Do not setup access keys during initial user setup for all IAM users that have a console password
• AWS > CIS v3.0 > 1 - Identity and Access Management > 1.12 - Ensure credentials unused for 45 days or greater are disabled
• AWS > CIS v3.0 > 1 - Identity and Access Management > 1.13 - Ensure there is only one active access key available for any single IAM user
• AWS > CIS v3.0 > 1 - Identity and Access Management > 1.14 - Ensure access keys are rotated every 90 days or less

Category

• IAM

In Your Workspace

• Controls by Resource Type report
• Policy Settings by Resource Type report
• Resources by Resource Type report

Developers

Resource Type URI

tmod:@turbot/aws-iam#/resource/types/credentialReport

Category URI

tmod:@turbot/turbot#/resource/categories/iam

GraphQL

query resource(id: "tmod:@turbot/aws-iam#/resource/types/credentialReport") { … }

query resourceActivities(filter: "resourceId:'tmod:@turbot/aws-iam#/resource/types/credentialReport'") { … }

mutation createResource(input: { … })

mutation updateResource(input: { … })

CLI

Get Resource

turbot graphql resource --id "tmod:@turbot/aws-iam#/resource/types/credentialReport"

Steampipe Query

Get Resource

select * from guardrails_resource where resource_type_uri = 'tmod:@turbot/aws-iam#/resource/types/credentialReport';

Get Policy Settings (By Resource ID)

select * from guardrails_policy_setting where filter = 'resourceTypeId:"tmod:@turbot/aws-iam#/resource/types/credentialReport"';

Get Resource Notification

select * from guardrails_notification where resource_type_uri = 'tmod:@turbot/aws-iam#/resource/types/credentialReport' and notification_type in ('resource_updated', 'resource_created');