1 answer
Hello.
I think it is not necessary to create a custom rule if you use the Config rule below, what do you think?
The default number of days is 90 days, but you can change this.
https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html
In addition, for remediation actions, you can use the following SSM runbook to disable access keys if they do not comply with the rules.
https://docs.aws.amazon.com/systems-manager-automation-runbooks/latest/userguide/automation-aws-revoke-iam-user.html
Thanks Riku. Isn't the access_keys_rotated Config rule managed by AWS, so it's set by AWS?
For me, the Edit button is greyed out so I cannot edit it.
At the top it says: This rule has been created by securityhub.amazonaws.com. This is a service-linked AWS Config rule.....
In my environment, "maxAccessKeyAge" can be changed. Maybe you and I are looking at different screens.
What I am trying to do is configure the "Adding rules" described in the document below. https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_manage-rules.html