Guard Custom Policy - date function


I want to create a Guard custom policy rule that gets hold of the IAM access key creation date and compares it to today's date. If key age is greater than 60, I want to make the Config rule non-compliant.

I can get hold of access key age through this JSON property: configuration.createDate

Does Guard custom policy provide a date function that I can use to create today's date and then compare it with configuration.createDate?

Qadri
asked 2 months ago, 113 views
1 Answer

Hello.

I think it is not necessary to create a custom rule if you use the Config rule below, what do you think?
The default number of days is 90 days, but you can change this.
https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html

In addition, for remediation actions, you can use the following SSM runbook to disable access keys if they do not comply with the rules.
https://docs.aws.amazon.com/systems-manager-automation-runbooks/latest/userguide/automation-aws-revoke-iam-user.html

EXPERT
answered 2 months ago
  • Thanks, Riku. Isn't the access_keys_rotated Config rule managed by AWS, so it's set by AWS?

    For me, Edit button is greyed out so I cannot edit it.

    On the top it says: This rule has been created by securityhub.amazonaws.com. This is a service-linked AWS Config rule.....

  • In my environment, "maxAccessKeyAge" can be changed. Maybe you and I are looking at different screens.
    What I am trying to do is configure the "Adding rules" described in the document below. https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_manage-rules.html
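
The managed rule the answer points to, added as a separate rule instance with `maxAccessKeyAge` set to the 60 days from the question. This is an added example, not code from the original thread; the rule name, the function names and the ISO 8601 format assumed for `createDate` are assumptions, and `key_is_compliant` only mirrors the condition stated in the question for local testing.

```python
"""Add an editable instance of the AWS managed rule ACCESS_KEYS_ROTATED (60-day limit)."""
import json
from datetime import datetime, timezone

RULE_NAME = "access-keys-rotated-60d"  # assumed name, choose your own


def build_rule_request(max_age_days: int, name: str = RULE_NAME) -> dict:
    """Return the ConfigRule structure expected by the PutConfigRule API."""
    if isinstance(max_age_days, bool) or not isinstance(max_age_days, int) or max_age_days < 1:
        raise ValueError("maxAccessKeyAge must be a positive whole number of days")
    return {
        "ConfigRuleName": name,
        "Description": f"IAM access keys must be rotated within {max_age_days} days",
        # Owner "AWS" selects a managed rule; no custom Guard policy is involved.
        "Source": {"Owner": "AWS", "SourceIdentifier": "ACCESS_KEYS_ROTATED"},
        # InputParameters is a JSON string, and the parameter value is a string too.
        "InputParameters": json.dumps({"maxAccessKeyAge": str(max_age_days)}),
        # The managed rule is evaluated periodically, not on configuration change.
        "MaximumExecutionFrequency": "TwentyFour_Hours",
    }


def key_is_compliant(create_date: str, max_age_days: int, now: datetime) -> bool:
    """Condition from the question: an age greater than the limit is non-compliant.

    create_date is assumed to be an ISO 8601 timestamp; naive values are read as UTC.
    """
    created = datetime.fromisoformat(create_date.replace("Z", "+00:00"))
    if created.tzinfo is None:
        created = created.replace(tzinfo=timezone.utc)
    return (now - created).days <= max_age_days


def deploy(max_age_days: int = 60) -> None:
    """Create or update the rule in the current account and region."""
    import boto3  # imported here so the request can be built without the SDK

    boto3.client("config").put_config_rule(ConfigRule=build_rule_request(max_age_days))


if __name__ == "__main__":
    # Print the request for review; call deploy() to apply it.
    print(json.dumps(build_rule_request(60), indent=2))
```

A rule created this way is owned by the account rather than by Security Hub, so its parameters stay editable.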
