Guard Custom Policy - date function

0

I want to create a Guard custom policy rule that gets hold of the IAM access key creation date and compares it to today's date. If key age is greater than 60, I want to make the Config rule non-compliant.

I can get hold of access key age through this JSON property: configuration.createDate

Does Guard custom policy provide a date function that I can use to create today's date and then compare it with configuration.createDate?

1 Answer
0

Hello.

I think it is not necessary to create a custom rule if you use the Config rule below, what do you think?
The default number of days is 90 days, but you can change this.
https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html

In addition, for remediation actions, you can use the following SSM runbook to disable access keys if they do not comply with the rules.
https://docs.aws.amazon.com/systems-manager-automation-runbooks/latest/userguide/automation-aws-revoke-iam-user.html

EXPERT
answered 2 months ago
  • Thanks Riku. Isn't the access_keys_rotated Config rule managed by AWS, so it's set by AWS?

    For me, the Edit button is greyed out so I cannot edit it.

    On the top it says: This rule has been created by securityhub.amazonaws.com. This is a service-linked AWS Config rule.....

  • In my environment, "maxAccessKeyAge" can be changed. Maybe you and I are looking at different screens.
    What I am trying to do is configure the "Adding rules" described in the document below. https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_manage-rules.html
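
Added example (not from the thread or from AWS documentation): one way to add your own copy of the managed rule `ACCESS_KEYS_ROTATED` with `maxAccessKeyAge` set to 60, using the AWS CLI. The rule name and the 24-hour evaluation frequency are assumptions chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example: create a separate, account-owned instance of the AWS managed
# rule ACCESS_KEYS_ROTATED with a 60-day threshold.

RULE_NAME="access-keys-rotated-60d"   # hypothetical name, pick your own

# Emit the ConfigRule JSON for put-config-rule. $1 = maximum key age in days.
rule_json() {
  local days="$1"
  # maxAccessKeyAge must be a positive integer; reject anything else
  case "$days" in
    ''|*[!0-9]*|0*) echo "invalid maxAccessKeyAge: $days" >&2; return 1 ;;
  esac
  # InputParameters is itself a JSON document passed as a string,
  # so its inner quotes are escaped in the output.
  printf '{"ConfigRuleName":"%s","Source":{"Owner":"AWS","SourceIdentifier":"ACCESS_KEYS_ROTATED"},"InputParameters":"{\\"maxAccessKeyAge\\":\\"%s\\"}","MaximumExecutionFrequency":"TwentyFour_Hours"}\n' \
    "$RULE_NAME" "$days"
}

# Create (or update) the rule in the current account and region.
deploy_rule() {
  local json
  json="$(rule_json "$1")" || return 1
  aws configservice put-config-rule --config-rule "$json"
}

# Only touch the account when invoked as: ./script.sh apply
if [ "${1:-}" = "apply" ]; then
  deploy_rule 60
fi
```

A rule created this way is owned by the account, so its parameters stay editable independently of any service-linked rule with the same source identifier.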
