Turbot Guardrails Hub 
Hub
  • Mods
  • Policy Packs
  • Docs
  • Home
ModsPolicy PacksDocsHome
Mods
AWS
Loading resources...

Resource Type: AWS > IAM > Credential Report

The Credential Report resource type is part of the AWS Identity and Access Management (IAM) service. Each Credential Report provides a comprehensive overview of the status of IAM users' credentials, including passwords, access keys, and MFA settings.

Resource Context

Credential Report is a part of the IAM service.

Each Credential Report lives under an Account.

Controls

The primary controls for AWS > IAM > Credential Report are:

  • CMDB
  • Discovery
  • Intelligent Assessment

It is also targeted by these controls:

  • AWS > CIS v1 > 1 Identity and Access Management > 1.01 Avoid the use of the "root" account (Scored)
  • AWS > CIS v1 > 1 Identity and Access Management > 1.02 Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password (Scored)
  • AWS > CIS v1 > 1 Identity and Access Management > 1.03 Ensure credentials unused for 90 days or greater are disabled (Scored)
  • AWS > CIS v1 > 1 Identity and Access Management > 1.04 Ensure access keys are rotated every 90 days or less (Scored)
  • AWS > CIS v1 > 1 Identity and Access Management > 1.12 Ensure no root account access key exists (Scored)
  • AWS > CIS v1 > 1 Identity and Access Management > 1.21 Do not setup access keys during initial user setup for all IAM users that have a console password (Not Scored)
  • AWS > CIS v1.4 > 1 - Identity and Access Management > 1.04 - Ensure no 'root' user account access key exists (Automated)
  • AWS > CIS v1.4 > 1 - Identity and Access Management > 1.07 - Eliminate use of the 'root' user for administrative and daily tasks (Automated)
  • AWS > CIS v1.4 > 1 - Identity and Access Management > 1.10 - Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password (Automated)
  • AWS > CIS v1.4 > 1 - Identity and Access Management > 1.11 - Do not setup access keys during initial user setup for all IAM users that have a console password (Manual)
  • AWS > CIS v1.4 > 1 - Identity and Access Management > 1.12 - Ensure credentials unused for 45 days or greater are disabled (Automated)
  • AWS > CIS v1.4 > 1 - Identity and Access Management > 1.13 - Ensure there is only one active access key available for any single IAM user (Automated)
  • AWS > CIS v1.4 > 1 - Identity and Access Management > 1.14 - Ensure access keys are rotated every 90 days or less (Automated)
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.04 - Ensure no 'root' user account access key exists
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.07 - Eliminate use of the 'root' user for administrative and daily tasks
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.10 - Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.11 - Do not setup access keys during initial user setup for all IAM users that have a console password
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.12 - Ensure credentials unused for 45 days or greater are disabled
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.13 - Ensure there is only one active access key available for any single IAM user
  • AWS > CIS v2.0 > 1 - Identity and Access Management > 1.14 - Ensure access keys are rotated every 90 days or less

Category

  • IAM

In Your Workspace

  • Controls by Resource Type report
  • Policy Settings by Resource Type report
  • Resources by Resource Type report

Developers

    Resource Type URI
    • tmod:@turbot/aws-iam#/resource/types/credentialReport
    • Category URI
    • tmod:@turbot/turbot#/resource/categories/iam
    • GraphQL
    • query resource(id: "tmod:@turbot/aws-iam#/resource/types/credentialReport") { … }
    • query resourceActivities(filter: "resourceId:'tmod:@turbot/aws-iam#/resource/types/credentialReport'") { … }
    • mutation createResource(input: { … })
    • mutation updateResource(input: { … })
    • CLI
    • Get Resource
    • turbot graphql resource --id "tmod:@turbot/aws-iam#/resource/types/credentialReport"
    • Steampipe Query
    • Get Resource
    • select * from guardrails_resource where resource_type_uri = 'tmod:@turbot/aws-iam#/resource/types/credentialReport';
      • Get Policy Settings (By Resource ID)
    • select * from guardrails_policy_setting where filter = 'resourceTypeId:"tmod:@turbot/aws-iam#/resource/types/credentialReport"';
      • Get Resource Notification
    • select * from guardrails_notification where resource_type_uri = 'tmod:@turbot/aws-iam#/resource/types/credentialReport' and notification_type in ('resource_updated', 'resource_created');
Guardrails
Guardrails Hub
  • Hub
  • Docs
  • Blog
  • Changelog
Products
  • GuardrailsGuardrails
  • PipesPipes
  • SteampipeSteampipe
  • PowerpipePowerpipe
  • FlowpipeFlowpipe
  • TailpipeTailpipe
Turbot
  • Home
  • About us
  • We're hiring!
  • Contact us
Community

Our community of practitioners love to discuss cloud governance & security.

Slack logoJoin us on Slack →

System StatusLegalSecurity
Terms of UseSecurityPrivacy
180
Mods
497
Resource Types
8,691
Policies
3,362
Controls
1,833
Quick Actions
540
IAM