Detect, proactively alert your security teams, and automatically remove exposed IAM Access Keys with the updated Trusted Advisor Exposed Keys Event Monitor.
Exposed IAM Access Keys pose a security risk to your AWS accounts and can lead to excessive charges from unauthorized activity or abuse. To find out more about IAM Access Keys and how to manage them, please visit Managing access keys for IAM users.
Customers are ultimately responsible for the safety and security of their access keys. To help you, the AWS team has published a new version of the Trusted Advisor Exposed Keys Event Monitor solution on GitHub. This optional solution proactively alerts your security team by email (and optionally your preferred Slack channel) and automates taking action whenever an access key is found exposed on a public site. The solution is driven by the AWS Trusted Advisor (TA) Exposed Access Keys recommendation. Note: this solution deletes the exposed IAM Access Key to stop any potential compromise. You can modify the solution to fit your governance policy. To learn more about this TA recommendation, please visit here.
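To make the flow above concrete, here is an added example (not code from the Trusted Advisor Exposed Keys Event Monitor repository): a minimal Lambda-style handler that consumes a Trusted Advisor "Exposed Access Keys" finding delivered through EventBridge, deletes the exposed key, and publishes an alert to an SNS topic for your security team. The AWS clients are injected so the logic runs offline against the in-block `FakeIam` and `FakeSns` doubles; the sample event, its account and key IDs, the `SNS_TOPIC_ARN` environment variable, the `delete` alert-only switch, and the exact label Trusted Advisor uses for the root user are all assumptions of this example and should be checked against events in your own account.

```python
"""Added example, not the Exposed Keys Event Monitor's own code: parse a
Trusted Advisor "Exposed Access Keys" EventBridge event, delete the key,
and alert the security team.  Clients are injected so it runs offline."""

import json
from dataclasses import dataclass, field

EXPOSED_KEYS_CHECK = "Exposed Access Keys"   # Trusted Advisor check name

# Constructed sample event shaped like an EventBridge delivery of a
# Trusted Advisor check-item refresh; every value is a placeholder.
SAMPLE_EVENT = {
    "detail-type": "Trusted Advisor Check Item Refresh Notification",
    "source": "aws.trustedadvisor",
    "account": "123456789012",
    "region": "us-east-1",
    "detail": {
        "check-name": EXPOSED_KEYS_CHECK,
        "status": "ERROR",
        "check-item-detail": {
            "Access Key ID": "AKIAEXAMPLEEXPOSED01",
            "User Name (IAM or Root)": "ci-deploy-user",
            "Fraud Type": "Exposed",
            "Location": "https://example.invalid/repo/config.yml",
            "Time Updated": "2023-01-01T00:00:00Z",
        },
    },
}


@dataclass
class FakeIam:
    """Test double for a boto3 IAM client; records deletions instead of calling AWS."""
    deleted: list = field(default_factory=list)

    def delete_access_key(self, UserName, AccessKeyId):
        self.deleted.append((UserName, AccessKeyId))
        return {"ResponseMetadata": {"HTTPStatusCode": 200}}


@dataclass
class FakeSns:
    """Test double for a boto3 SNS client; captures published messages."""
    published: list = field(default_factory=list)

    def publish(self, TopicArn, Subject, Message):
        self.published.append({"TopicArn": TopicArn, "Subject": Subject, "Message": Message})
        return {"MessageId": "constructed-message-id"}


def parse_exposed_key(event):
    """Return (user_name, access_key_id, item) for an ERROR-status Exposed
    Access Keys finding, or None for any other event."""
    detail = event.get("detail", {})
    if detail.get("check-name") != EXPOSED_KEYS_CHECK or detail.get("status") != "ERROR":
        return None
    item = detail.get("check-item-detail", {})
    key_id = item.get("Access Key ID")
    user = item.get("User Name (IAM or Root)")
    if not key_id or not user:
        return None
    return user, key_id, item


def handle_exposed_key_event(event, iam, sns, topic_arn, delete=True):
    """Delete the exposed key (unless delete=False, an alert-only mode for
    governance policies that require a human decision) and notify via SNS."""
    parsed = parse_exposed_key(event)
    if parsed is None:
        return {"action": "ignored"}
    user, key_id, item = parsed

    # Root access keys cannot be removed with iam:DeleteAccessKey, so only
    # alert for them.  The root label values here are an assumption.
    is_root = user.lower() in ("root", "<root>")
    action = "alert-only"
    if delete and not is_root:
        iam.delete_access_key(UserName=user, AccessKeyId=key_id)
        action = "deleted"

    message = {
        "account": event.get("account"),
        "user": user,
        "access_key_id": key_id,
        "action_taken": action,
        "location": item.get("Location"),
        "fraud_type": item.get("Fraud Type"),
        "time_updated": item.get("Time Updated"),
    }
    sns.publish(
        TopicArn=topic_arn,
        Subject=f"Exposed IAM access key {key_id} ({action})",
        Message=json.dumps(message, indent=2),
    )
    return {"action": action, "user": user, "access_key_id": key_id}


def lambda_handler(event, context=None):
    """Real entry point: boto3 is imported lazily so the logic above stays
    testable without it.  SNS_TOPIC_ARN is an assumed environment variable."""
    import os
    import boto3
    return handle_exposed_key_event(event, boto3.client("iam"), boto3.client("sns"),
                                    os.environ["SNS_TOPIC_ARN"])


if __name__ == "__main__":
    iam, sns = FakeIam(), FakeSns()
    print(handle_exposed_key_event(SAMPLE_EVENT, iam, sns,
                                   "arn:aws:sns:us-east-1:123456789012:security-alerts"))
```

The EventBridge rule that feeds this handler should match `source: aws.trustedadvisor` with `detail.check-name: "Exposed Access Keys"` and `detail.status: "ERROR"`, and the Lambda execution role needs only `iam:DeleteAccessKey` and `sns:Publish` on the alert topic; keep `delete=False` until your governance policy has signed off on automatic deletion.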
Prerequisite: to implement this solution, the AWS account needs access to the AWS Support API. Please check here to learn more about the AWS Support API.
For more details on the solution, please review the README here; a reference architecture for the solution is attached below. Contact your AWS account team or AWS Support for additional help.