1 Resposta
- Mais recentes
- Mais votos
- Mais comentários
0
Hello.
I think it is not necessary to create a custom rule if you use the Config rule below, what do you think?
The default number of days is 90 days, but you can change this.
https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html
In addition, for remediation actions, you can use the following SSM runbook to disable access keys if they do not comply with the rules.
https://docs.aws.amazon.com/systems-manager-automation-runbooks/latest/userguide/automation-aws-revoke-iam-user.html
Conteúdo relevante
- AWS OFICIALAtualizada há 4 anos
- AWS OFICIALAtualizada há um ano
- AWS OFICIALAtualizada há 2 anos
- AWS OFICIALAtualizada há 2 anos
Thanks Riku Isn't access_keys_rotated Config rule managed by AWS, so its set by AWS.
For me, Edit button is greyed out so I cannot edit it.
On the top it says: This rule has been created by securityhub,.amazonaws.com. This is a service-linked AWS Config rule.....
In my environment, "maxAccessKeyAge" can be changed. Maybe you and I are looking at different screens.
What I am trying to do is configure the "Adding rules" described in the document below. https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_manage-rules.html