nccgroup / ScoutSuite

Multi-Cloud Security Auditing Tool
GNU General Public License v2.0
ADA-CP 2.7.2: Do not setup access keys during initial user setup for all IAM users that have a console password #1657

Open rdegraaf opened 3 months ago

rdegraaf commented 3 months ago

Is your feature request related to a problem? Please describe.

The App Defense Alliance Cloud Profile requires a check that API keys are not automatically assigned to IAM Users with Console passwords.

Describe the solution you'd like

Implement the check as documented at https://github.com/appdefensealliance/ASA-WG/blob/main/Cloud%20App%20and%20Config%20Profile/Cloud%20App%20and%20Config%20Test%20Guide.md#272-do-not-setup-access-keys-during-initial-user-setup-for-all-iam-users-that-have-a-console-password.

Describe alternatives you've considered

None

Additional context

rdegraaf commented 3 months ago

Fixed in https://github.com/rdegraaf/ScoutSuite/tree/ada-cp-aws. MR to come once I have a few more rules implemented.
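
Added example, not part of the issue thread and not ScoutSuite's code: one way to audit this requirement offline from an AWS IAM credential report. The rule applied here (a console user holding an active access key that has never been used, with a 300-second window to mark keys created alongside the user) is an assumed interpretation rather than the test guide's wording; `find_setup_keys`, `SETUP_WINDOW_SECONDS` and the sample rows are constructed for illustration.

```python
import csv
import io
from datetime import datetime

SETUP_WINDOW_SECONDS = 300  # assumed tolerance for "created during user setup"

# Constructed sample using a subset of the IAM credential report columns
# (a real report carries more columns; only these are read below).
SAMPLE_REPORT = """\
user,user_creation_time,password_enabled,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,2023-01-01T00:00:00+00:00,not_supported,false,N/A,N/A,false,N/A,N/A
alice,2024-03-01T10:00:00+00:00,true,true,2024-03-01T10:00:05+00:00,N/A,false,N/A,N/A
bob,2024-03-02T11:00:00+00:00,true,true,2024-05-10T09:30:00+00:00,2024-06-01T12:00:00+00:00,false,N/A,N/A
ci-deploy,2024-04-02T08:00:00+00:00,false,true,2024-04-02T08:00:01+00:00,N/A,false,N/A,N/A
carol,2024-04-03T09:00:00+00:00,true,false,2024-04-03T09:00:02+00:00,N/A,true,2024-06-15T14:00:00+00:00,N/A
"""


def find_setup_keys(report_csv, window=SETUP_WINDOW_SECONDS):
    """Return (user, key_slot, created_at_setup) for every console user
    that holds an active access key which has never been used."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["password_enabled"] != "true":
            continue  # no console password (root reports "not_supported")
        created = datetime.fromisoformat(row["user_creation_time"])
        for slot in ("1", "2"):
            if row[f"access_key_{slot}_active"] != "true":
                continue  # inactive or absent key
            if row[f"access_key_{slot}_last_used_date"] != "N/A":
                continue  # key has been used; not flagged by this heuristic
            rotated = row[f"access_key_{slot}_last_rotated"]
            # last_rotated holds the key's creation time until it is rotated
            at_setup = rotated != "N/A" and abs(
                (datetime.fromisoformat(rotated) - created).total_seconds()
            ) <= window
            findings.append((row["user"], int(slot), at_setup))
    return findings


if __name__ == "__main__":
    for user, slot, at_setup in find_setup_keys(SAMPLE_REPORT):
        origin = "created with the user" if at_setup else "created later"
        print(f"{user}: access key {slot} active but never used ({origin})")
```
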