Audit AWS IAM user credentials used in your environment with k9 Security’s new credential report integration. AWS IAM users may have a console password and up to two AWS API access keys. Reviewing how these credentials are used is an essential security and audit activity. k9 reports:
- if IAM user password or API access key credentials exist
- when a credential was last used
- when a credential was last rotated
AWS IAM user credential usage information is presented beside other critical information about the principal in the ‘Principals’ report (sample: xlsx, also JSON & CSV):
This example shows AWS IAM user and credential usage from the k9-dev account. The new credential information is highlighted in orange and all times are in UTC. The ci user was last used on 2021-03-17 at 3:42 AM (UTC). The ci user doesn’t have a console password configured, so those fields are blank, as are Access Key 2’s fields. The ci user has one Access Key, Key 1. Access Key 1 has the same last used time as the principal, indicating that was the credential used to authenticate the ci user’s last access.
This IAM user credential data comes from the AWS credential report. k9 reliably retrieves, normalizes, and integrates that credential data with other context so you can focus on analyzing the results.
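The three checks listed above (credential exists, last used, last rotated) can also be run directly against the raw AWS credential report CSV. The following is an added example, not k9 Security's code: the sample rows, the `audit` and `parse_ts` helper names, the fixed `NOW` and the 90-day threshold are assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the AWS credential report CSV layout (columns trimmed
# to the ones used here); users, account ID and timestamps are made up.
SAMPLE = """\
user,arn,password_enabled,password_last_used,password_last_changed,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
ci,arn:aws:iam::111122223333:user/ci,false,N/A,N/A,true,2020-06-01T10:00:00+00:00,2021-03-17T03:42:00+00:00,false,N/A,N/A
alice,arn:aws:iam::111122223333:user/alice,true,2021-03-10T09:15:00+00:00,2021-01-05T12:00:00+00:00,true,2021-02-20T08:00:00+00:00,N/A,false,N/A,N/A
"""

NOW = datetime(2021, 3, 18, tzinfo=timezone.utc)  # fixed so results are repeatable

def parse_ts(value):
    """Return an aware datetime, or None for N/A, no_information, not_supported."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None

def audit(report_csv, now, max_age_days=90):
    """Yield (user, credential, finding) for enabled passwords and active keys."""
    limit = timedelta(days=max_age_days)
    for row in csv.DictReader(io.StringIO(report_csv)):
        creds = [("password", row["password_enabled"],
                  row["password_last_changed"], row["password_last_used"])]
        for n in ("1", "2"):
            creds.append((f"access_key_{n}", row[f"access_key_{n}_active"],
                          row[f"access_key_{n}_last_rotated"],
                          row[f"access_key_{n}_last_used_date"]))
        for name, enabled, rotated, used in creds:
            if enabled != "true":
                continue  # password not enabled, or key absent/inactive
            rotated_at, used_at = parse_ts(rotated), parse_ts(used)
            if used_at is None:
                yield row["user"], name, "no recorded use"
            elif now - used_at > limit:
                yield row["user"], name, "unused for over %d days" % max_age_days
            if rotated_at and now - rotated_at > limit:
                yield row["user"], name, "not rotated for over %d days" % max_age_days

if __name__ == "__main__":
    for user, credential, finding in audit(SAMPLE, NOW):
        print(user, credential, finding)
```

The real report is produced with `aws iam generate-credential-report` and fetched with `aws iam get-credential-report`, which returns the CSV base64-encoded; it also carries a `<root_account>` row and additional columns not shown in the sample.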