checkIam

Check AWS credentials, Identity and Access Management (IAM) and security best practices.

Checks include:

  • Authentication with the default profile or a specified profile

  • Access keys need to be rotated (age >90 days)

  • Root keys and signing certificates have not been created.

Parameters

checkAwsIam:
  Check the IAM account
  aliases: CheckIAM, checkAwsIam, checkAWSIAM, checkAwsIAM, CheckAwsIAM

root: bool (Optional)
  Security check for root access key and signing certificate availability
  aliases: root_access
  default: True

age: int (Optional)
  Security check for the age of access and secret keys (in days)
  aliases: key_age
  default: 90

profile: str (Optional)
  An alternative profile name to use for AWS authentication

desc: str (Optional)
  The description for the check

substitute: bool (Optional)
  Whether to substitute environment variables in check values
  default: True
  aliases: substitute, env_substitute

The checkAwsIam check in YAML format.

IAM:
  desc: "Check IAM authentication and security settings"
  checkIAM:

The checkAwsIam check in TOML format.

[Iam]
desc = "Check IAM authentication and security settings"
checkIAM = ""
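
The key-age and root-credential checks listed above can be reproduced offline against an IAM credential report (the CSV that AWS IAM generates per account). This is an added example, not checkIam's own code: the audit_report function and the sample rows are constructed for illustration, and its root and age arguments mirror the parameters documented above.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample in the IAM credential report layout (subset of columns).
SAMPLE_REPORT = """\
user,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated,cert_1_active,cert_2_active
<root_account>,true,2023-01-10T08:00:00+00:00,false,N/A,false,false
alice,true,2024-05-20T12:00:00+00:00,false,N/A,false,false
bob,true,2023-11-01T09:30:00+00:00,true,2024-05-30T09:30:00+00:00,false,false
carol,false,2022-02-02T00:00:00+00:00,false,N/A,false,false
"""

ROOT_USER = "<root_account>"  # name of the root row in a credential report


def audit_report(report_csv, now, root=True, age=90):
    """Return (user, finding) tuples for the root-credential and key-age checks.

    `root` and `age` are modelled on the parameters documented on this page
    (assumption: the tool's real implementation may differ).
    """
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        if root and user == ROOT_USER:
            for n in ("1", "2"):
                if row.get(f"access_key_{n}_active") == "true":
                    findings.append((user, f"root access key {n} active"))
                if row.get(f"cert_{n}_active") == "true":
                    findings.append((user, f"root signing certificate {n} active"))
        for n in ("1", "2"):
            if row.get(f"access_key_{n}_active") != "true":
                continue  # inactive or absent keys are not counted for rotation
            rotated = row.get(f"access_key_{n}_last_rotated") or "N/A"
            if rotated == "N/A":
                continue  # no rotation timestamp recorded for this key
            days = (now - datetime.fromisoformat(rotated)).days
            if days > age:
                findings.append((user, f"access key {n} is {days} days old"))
    return findings


if __name__ == "__main__":
    as_of = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed date for reproducible output
    for user, finding in audit_report(SAMPLE_REPORT, as_of):
        print(f"{user}: {finding}")
```
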