IAM
Caligo provides the following security rules for AWS IAM:
User access keys should be rotated every 90 days or less
Access keys should not be set up at initial user setup for IAM users with passwords
IAM credentials (access keys and passwords) unused for 90 days or more should be disabled
Expired SSL/TLS certificates stored in AWS IAM should be removed
MFA should be enabled for all IAM users with a console password
IAM groups, users, and roles should not have any inline policies
No root account access keys should exist
Full '*' administrative privileges shouldn't be allowed through IAM policies
IAM policies should not be connected to IAM users, but rather groups and roles
Password policy should expire passwords within 90 days or less
Password policy should require at least one lowercase character
Password policy should require a minimum password length of at least 14 characters
Password policy should require at least one number character
Password policy should prevent reuse of at least the last 24 passwords
Password policy should require at least one symbol character
Password policy should require at least one uppercase character
Root Account should not be actively used
MFA should be enabled for the root account
An IAM user, group, or role should have specific permissions to coordinate with AWS Support
IAM users should each only have at most one active access key
Each IAM user should be associated with at least one group
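The rules above are the kind of checks that can be evaluated offline against two inputs AWS already gives you: the IAM credential report (a CSV, one row per user plus a `<root_account>` row) and the account password policy. The following is an added example of how several of them can be expressed as code; it is not Caligo's own implementation. It assumes the real column names of the credential report (trimmed to the ones used here) and the key names of the IAM `GetAccountPasswordPolicy` response, uses constructed sample rows and a fixed report date so it runs without AWS access, and treats "root account actively used" as any root console sign-in within the 90-day window (an assumption; the rule text does not define a window).

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample: a trimmed IAM credential report (real column names, invented rows).
# Timestamps use the ISO-8601 form the report emits; N/A / not_supported mark "no value".
SAMPLE_REPORT = """user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::111122223333:root,2020-01-01T00:00:00+00:00,not_supported,2024-05-01T09:12:00+00:00,not_supported,not_supported,false,true,2020-01-01T00:00:00+00:00,2024-04-30T10:00:00+00:00,false,N/A,N/A
alice,arn:aws:iam::111122223333:user/alice,2023-01-10T00:00:00+00:00,true,2024-05-02T08:00:00+00:00,2024-03-01T00:00:00+00:00,2024-05-30T00:00:00+00:00,true,true,2024-04-15T00:00:00+00:00,2024-05-02T07:00:00+00:00,false,N/A,N/A
bob,arn:aws:iam::111122223333:user/bob,2022-06-01T00:00:00+00:00,true,2024-05-01T08:00:00+00:00,2024-04-01T00:00:00+00:00,2024-06-30T00:00:00+00:00,false,true,2023-11-01T00:00:00+00:00,2024-05-01T08:30:00+00:00,true,2024-04-20T00:00:00+00:00,N/A
carol,arn:aws:iam::111122223333:user/carol,2021-03-03T00:00:00+00:00,true,2023-12-01T00:00:00+00:00,2023-06-01T00:00:00+00:00,2023-08-30T00:00:00+00:00,true,false,N/A,N/A,false,N/A,N/A
"""

# Fixed "now" so the sample evaluates the same way every run (constructed).
REPORT_DATE = datetime(2024, 5, 3, tzinfo=timezone.utc)

# Constructed sample in the shape of a GetAccountPasswordPolicy response.
# MaxPasswordAge and PasswordReusePrevention are omitted by AWS when not configured.
SAMPLE_POLICY = {
    "MinimumPasswordLength": 8,
    "RequireSymbols": True,
    "RequireNumbers": True,
    "RequireUppercaseCharacters": True,
    "RequireLowercaseCharacters": False,
    "PasswordReusePrevention": 5,
}


def _parse_time(value):
    """Return an aware datetime, or None for N/A / not_supported / no_information."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None


def _older_than(value, now, days):
    """True when value is a timestamp more than `days` days before `now`."""
    ts = _parse_time(value)
    return ts is not None and now - ts > timedelta(days=days)


def check_credential_report(report_csv, now, max_age_days=90):
    """Evaluate the credential-report rules; returns a list of (user, rule-id) findings."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        active_keys = [n for n in ("1", "2") if row[f"access_key_{n}_active"] == "true"]
        if user == "<root_account>":
            if active_keys:                       # no root access keys should exist
                findings.append((user, "root-access-key"))
            if row["mfa_active"] != "true":       # MFA on the root account
                findings.append((user, "root-mfa"))
            ts = _parse_time(row["password_last_used"])
            if ts is not None and now - ts <= timedelta(days=max_age_days):
                findings.append((user, "root-active-use"))   # recent root sign-in (assumed window)
            continue
        if row["password_enabled"] == "true":
            if row["mfa_active"] != "true":       # MFA for every user with a console password
                findings.append((user, "user-mfa"))
            if _older_than(row["password_last_used"], now, max_age_days):
                findings.append((user, "unused-credential"))
        if len(active_keys) > 1:                  # at most one active access key per user
            findings.append((user, "single-active-key"))
        for n in active_keys:
            if _older_than(row[f"access_key_{n}_last_rotated"], now, max_age_days):
                findings.append((user, "key-rotation"))
            # A key that was never used counts as unused once it is older than the window.
            last_used = row[f"access_key_{n}_last_used_date"]
            ref = last_used if _parse_time(last_used) else row[f"access_key_{n}_last_rotated"]
            if _older_than(ref, now, max_age_days):
                findings.append((user, "unused-credential"))
    return findings


def check_password_policy(policy):
    """Evaluate the password-policy rules; returns a list of rule-ids that fail."""
    findings = []
    if policy.get("MinimumPasswordLength", 0) < 14:
        findings.append("min-length")
    for key, rule in (
        ("RequireLowercaseCharacters", "lowercase"),
        ("RequireUppercaseCharacters", "uppercase"),
        ("RequireNumbers", "numbers"),
        ("RequireSymbols", "symbols"),
    ):
        if not policy.get(key, False):
            findings.append(rule)
    age = policy.get("MaxPasswordAge")             # missing means passwords never expire
    if age is None or age > 90:
        findings.append("expiry-90")
    if policy.get("PasswordReusePrevention", 0) < 24:
        findings.append("reuse-24")
    return findings


if __name__ == "__main__":
    for user, rule in check_credential_report(SAMPLE_REPORT, REPORT_DATE):
        print(f"{user}: {rule}")
    for rule in check_password_policy(SAMPLE_POLICY):
        print(f"password policy: {rule}")
```

Against the sample data, `alice` passes every rule, the root row fails three, `bob` fails three (no MFA, two active keys, a key last rotated more than 90 days ago), and `carol` has a console password unused for more than 90 days. With real data, the CSV would come from `iam generate-credential-report` / `get-credential-report` and the policy from `get-account-password-policy`; the rules for inline policies, policies attached directly to users, '*' privileges, expired certificates and group membership need other IAM API responses and are not covered by this block.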