Auto deactivation of access key and secret access key

0

How Auto deactivation of access key and secret access key can be achieved associated with a user when his profile is removed from AWS account. This is in relation to real time scenario when an employee leaves the organization and his access key and secret access key still remains and can lead to security issue if the same is available to others

2 Answers
0

What is the process you use to remove user profile from AWS account? If you are deleting the IAM user, this will also delete all its user data, security credentials and inline policies. You can take additional steps before deleting the user to list all access keys for a specific user: https://docs.aws.amazon.com/cli/latest/reference/iam/list-access-keys.html And then, delete the returned list: https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteAccessKey.html

profile pictureAWS
AmerO
answered 3 months ago
  • The User is removed from AD group.Thanks for your response however how this can be automated - the action of auto deactivating the access key and secret access key?

0

Are you using federated login? AD users are not IAM users and they don't get assigned secret keys or access keys. They might request temporary credentials but these last 12 hours only and they have to be federated. If the user account is no longer in AD, that will break it. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html

More information about the process how the person was provided with access key and secret key. Could the credentials pair belong to another operational AIM user and not the AD profile. https://repost.aws/knowledge-center/adfs-grant-ad-access-api-cli

profile pictureAWS
AmerO
answered 3 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions