Patch 448 #469

Merged
merged 10 commits into from
Oct 27, 2022
22 changes: 11 additions & 11 deletions en/aws/iam/users-password-last-used.md
Expand Up @@ -10,19 +10,19 @@
| **Cloud** | AWS |
| **Category** | IAM |
| **Description** | Detects users with password logins that have not been used for a period of time and that should be decommissioned |
| **More Info** | Having numerous, unused user accounts extends the attack surface. If users do not log into their accounts for more than the defined period of time, the account should be deleted. |
| **More Info** | Having numerous, unused user accounts extends the attack surface. If users do not log into their accounts for more than the defined period of time, the account should either be deleted or have console login disabled. |
| **AWS Link** | http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_admin-change-user.html |
| **Recommended Action** | Delete old user accounts that allow password-based logins and have not been used recently. |

## Detailed Remediation Steps
1. Log into the AWS Management Console.
1. Log in to the AWS Management Console.
2. Select the "Services" option and search for IAM. </br> <img src="/resources/aws/iam/users-password-last-used/step2.png"/>
3. Scroll down the left navigation panel and choose "Users". </br><img src="/resources/aws/iam/users-password-last-used/step3.png"/>
4. Select the "User" that needs to be verified and click on the "User name" to access the selected "IAM User".</br><img src="/resources/aws/iam/users-password-last-used/step4.png"/>
5. Click on the "Security Credentials" under the configuration page.</br><img src="/resources/aws/iam/users-password-last-used/step5.png"/>
6. Scroll down the "Security Credentials" tab and check the "Console password".Check the "Console password" section for "last signed in". If "last signed in" is showing for the period more than 180 days than the password is not been used for a period of time.</br><img src="/resources/aws/iam/users-password-last-used/step6.png"/>
7. Repeat steps number 2 - 6 to verify for other IAM users.</br>
8. Go to the "Users" page and select the "User" whose password is not been used for a period of time now. </br><img src="/resources/aws/iam/users-password-last-used/step8.png"/>
9. Click on the "Delete user" button at the top to delete the selected user. </br><img src="/resources/aws/iam/users-password-last-used/step9.png"/>
10. On the "Delete user" tab click on the "Yes, delete" button to delete the selected IAM user. </br><img src="/resources/aws/iam/users-password-last-used/step10.png"/>
11. Repeat steps number 8 - 10 to delete the other IAM users whose passwords are not used for a period of time. </br>
3. Scroll down the left navigation panel and choose "Credential report". Click on the "Download Report" button to download a report that lists all your account's users and the status of their various credentials. </br><img src="/resources/aws/iam/users-password-last-used/step3.png"/>
4. Open the downloaded credentials report and check the "password_last_used_date" column for each IAM account. If the timestamp value for "password_last_used_date" is recorded within the last 7 days, the above credentials have been used to access the AWS account. If however, the timestamp value is older than 90 days, then the account should be deleted or disabled.</br><img src="/resources/aws/iam/users-password-last-used/step4.png"/>
5. Scroll down the left navigation panel and choose "Users". </br><img src="/resources/aws/iam/users-password-last-used/step5.png"/>
6. Select the "User" that needs to be verified and click on the "User name" to access the selected IAM User.</br><img src="/resources/aws/iam/users-password-last-used/step6.png"/>
7. Click on the "Security Credentials" tab under the configuration page.</br><img src="/resources/aws/iam/users-password-last-used/step7.png"/>
8. Under the "Security Credentials" tab check the "Console password" section for status "Enabled/Disabled". If the status is "Enabled" then the console sign in is enabled and needs to be disabled. </br><img src="/resources/aws/iam/users-password-last-used/step8.png"/>
9. Click on "Manage" to open "Manage console acess" pop up. </br><img src="/resources/aws/iam/users-password-last-used/step9.png"/>
10. Select "Disable" for the Console access and click on "Apply" button. </br><img src="/resources/aws/iam/users-password-last-used/step10.png"/>
11. Repeat steps number 2 - 11 to verify for other IAM users.</br>
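Review bot: the rewritten steps 8 - 10 only disable console access and never delete a user, yet the unchanged "Recommended Action" row still reads "Delete old user accounts that allow password-based logins and have not been used recently", while the new "More Info" row says the account "should either be deleted or have console login disabled"; update the Recommended Action row to match (for example "Delete, or disable console access for, user accounts whose password has not been used recently"), or add a deletion path back into the steps. Step 4 also leaves a gap in the threshold: a password used within the last 7 days counts as active and one older than 90 days should be deleted or disabled, but nothing is said about 8 to 90 days, and the old text used 180 days; state one threshold and use it consistently. Step 4 names the column "password_last_used_date", but in the credential report that column is "password_last_used" (the "_date" suffix belongs to the access-key columns), and the note should tell readers how to treat the values "N/A" (user has no console password, so nothing to disable) and "no_information" (password never used since tracking began), which are not timestamps and should not be mistaken for a recent login. Step 9 has a typo: "Manage console acess" should be "Manage console access". Step 11 says "Repeat steps number 2 - 11", which includes itself, and steps 3 - 4 already cover every user in the account through the single downloaded report, so it should read "Repeat steps 5 - 10 for each user the report flags". Minor: the "AWS Link" row still uses http:// and should be https://.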
Binary file modified resources/aws/iam/users-password-last-used/step10.png
Binary file modified resources/aws/iam/users-password-last-used/step2.png
Binary file modified resources/aws/iam/users-password-last-used/step3.png
Binary file modified resources/aws/iam/users-password-last-used/step4.png
Binary file modified resources/aws/iam/users-password-last-used/step5.png
Binary file modified resources/aws/iam/users-password-last-used/step6.png
Binary file modified resources/aws/iam/users-password-last-used/step8.png
Binary file modified resources/aws/iam/users-password-last-used/step9.png