Access Management Security How-To Guides
Detect Use of AWS Account Root User Credentials
The root account has unrestricted access to all resources in the AWS account. It is highly recommended that the use of this account be avoided.
Find AWS Account Root Users with Access Keys
The root user is the most privileged user in an AWS account. AWS access keys provide programmatic access to a given AWS account.
Find AWS Account Root Users Without Hardware MFA Enabled
The root account is the most privileged user in an AWS account. Multi-factor authentication (MFA) adds an extra layer of protection on top of a username and password.
Find AWS Accounts Missing IAM Support Roles
AWS provides a support center that can be used for incident notification and response, as well as technical support and customer services. Create an IAM Role to allow authorized users to manage incidents with AWS Support.
Find AWS Accounts That Do Not Prevent Reuse of the Last 24 Passwords
Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure passwords are composed of different character sets.
Find AWS Accounts Without Minimum Password Length of 14 Characters
Password policies are used to enforce password complexity requirements. IAM password policies can be used to ensure passwords are composed of different character sets. It is recommended that the password policy require a minimum length of 14 characters or greater.
Find AWS EC2 Instances Not Using IAM Instance Roles
AWS access from within AWS instances can be done by either encoding AWS keys into AWS API calls or by assigning the instance to a role which has an appropriate permissions policy for the required access.
Find AWS IAM Access Keys Not Rotated Within 90 Days
Access keys consist of an access key ID and secret access key which are used to sign programmatic requests that you make to AWS.
Find AWS IAM Policies Not Attached to Groups or Roles
By default, IAM users, groups, and roles have no access to AWS resources. IAM policies are the means by which privileges are granted to users, groups, or roles.
Find AWS IAM Policies with Full Administrative Privileges
IAM policies are the means by which privileges are granted to users, groups, or roles. It is recommended, and considered standard security advice, to grant only the permissions required.
Find AWS IAM Users with Multiple Active Access Keys
Access keys can be lost or stolen, and multiple access keys are not required.
Find AWS IAM Users Without MFA Enabled
Multi-factor authentication (MFA) adds an extra layer of protection on top of a username and password.
Find AWS Lambda Function CORS Vulnerabilities
Publicly accessible services could expose sensitive data to bad actors.
Find AWS Lambda Functions with Public Resource-Based Policies
Publicly accessible services could expose sensitive data to bad actors.
Find Expired AWS IAM Server Certificates
Removing expired SSL/TLS certificates eliminates the risk that an invalid certificate will be deployed accidentally to a resource such as AWS Elastic Load Balancer (ELB), which can damage the credibility of the application/website behind the ELB.
Find Public AWS Lambda Functions
Publicly accessible services could expose sensitive data to bad actors.
Find Unused AWS IAM Access Keys for Users with Configured Passwords
The AWS Console defaults to creating access keys during user setup, resulting in the unnecessary generation of access keys.
Find Unused AWS IAM Credentials
To increase the security of your AWS account, remove IAM user credentials (that is, passwords and access keys) that are not needed, for example when users leave your organization or no longer need AWS access.