Skip to main content

πŸ”Œ AWS IAM User - credReport.extracts.yaml

  • Contextual name: πŸ”Œ credReport.extracts.yaml
  • ID: /types/CA10__CaAwsUser__c/credReport.extracts.yaml
  • Located in: πŸ“• AWS IAM User

Used In​

LogicPolicyFlags
🧠 prod.logic.yaml πŸŸ’πŸ“ AWS Account Root User credentials were used is the last 30 days πŸ”΄πŸŸ’πŸŸ’ x3
🧠 prod.logic.yaml πŸŸ’πŸ“ AWS Account Root User has active access keys 🟒🟒 x3
🧠 prod.logic.yaml πŸŸ’πŸ“ AWS Account Root User MFA is not enabled. 🟒🟒 x3
🧠 prod.logic.yaml πŸŸ’πŸ“ AWS IAM User Access Keys are not rotated every 90 days or less 🟒🟒 x3
🧠 prod.logic.yaml πŸŸ’πŸ“ AWS IAM User has more than one active access key 🟒🟒 x3
🧠 prod.logic.yaml πŸŸ’πŸ“ AWS IAM User MFA is not enabled for all users with console password 🟒🟒 x3
🧠 prod.logic.yaml πŸŸ’πŸ“ AWS IAM User with credentials unused for 45 days or more is not disabled 🟒🟒 x3

Content​

Open File


# password_last_used: 2021-10-15T16:30:24+00:00
# access_key_1_last_used_region: us-east-1
# password_enabled: not_supported
# access_key_1_last_used_date: 2020-02-27T12:03:00+00:00
# access_key_1_last_used_service: s3
# mfa_active: false
# access_key_2_last_used_date: N/A
# user_creation_time: 2008-06-17T18:41:41+00:00
# cert_2_active: false
# cert_1_active: true
# cert_1_last_rotated: 2011-04-27T13:23:57+00:00
# access_key_2_last_used_service: N/A
# access_key_2_active: false
# access_key_1_active: false
# password_next_rotation: not_supported
# access_key_2_last_rotated: 2014-07-03T15:12:24+00:00
# arn: arn:aws:iam::814021343637:root
# access_key_1_last_rotated: 2011-04-27T13:20:07+00:00
# access_key_2_last_used_region: N/A
# user: <root_account>
# password_last_changed: not_supported
# cert_2_last_rotated: N/A
---
extracts:
  - name: CA10__credReportAttributesJson__c
    value: 
      JSON_FROM:
        arg:
          FIELD:
            path: CA10__credReportAttributesJson__c
            returnType: BYTES
            undeterminedIf:
              isEmpty: Credential report attributes are empty, this is either permission issue or the data haven't been populated yet
        undeterminedIf:
          isInvalid: "Cred report attributes JSON is invalid"
  - name: CA10__credReportAccessKey1Active__c
    value:
      BOOLEAN_FROM:
        arg:
          JSON_QUERY_TEXT:
            arg:
              EXTRACT: CA10__credReportAttributesJson__c
            expression: "to_string(access_key_1_active)"
            undeterminedIf:
              evaluationError: "The JSON query has failed."
              resultTypeMismatch: "The JSON query did not return text type."
        undeterminedIf:
          isEmpty: Value of 'access_key_1_active' is empty, unexpected data
  - name: CA10__credReportAccessKey2Active__c
    value:
      BOOLEAN_FROM:
        arg:
          JSON_QUERY_TEXT:
            arg:
              EXTRACT: CA10__credReportAttributesJson__c
            expression: "to_string(access_key_2_active)"
            undeterminedIf:
              evaluationError: "The JSON query has failed."
              resultTypeMismatch: "The JSON query did not return text type."
        undeterminedIf:
          isEmpty: Value of 'access_key_1_active' is empty, unexpected data
  - name: CA10__credReportPasswordLastUsed__c
    value:
      DATE_TIME_FROM:
        arg:
          JSON_QUERY_TEXT:
            arg:
              EXTRACT: CA10__credReportAttributesJson__c
            expression: "to_string(password_last_used)"
            undeterminedIf:
              evaluationError: "The JSON query has failed."
              resultTypeMismatch: "The JSON query did not return text type."
        nullValues:
          - "no_information"
          - "N/A"
        format: ISO_8601
        undeterminedIf:
          # value CAN be empty, for example when password was never used.
          #isEmpty: Value of 'password_last_used' is empty, unexpected data
          invalidFormat: Value of 'password_last_used' does not match ISO-8601 format
  - name: CA10__credReportAccessKey1LastUsed__c
    value:
      DATE_TIME_FROM:
        arg:
          JSON_QUERY_TEXT:
            arg:
              EXTRACT: CA10__credReportAttributesJson__c
            expression: "to_string(access_key_1_last_used_date)"
            undeterminedIf:
              evaluationError: "The JSON query has failed."
              resultTypeMismatch: "The JSON query did not return text type."
        nullValues:
          - "N/A"
        format: ISO_8601
        undeterminedIf:
          # value CAN be empty, for example when password was never used.
          #isEmpty: Value of 'access_key_1_last_used_date' is empty, unexpected data
          invalidFormat: Value of 'access_key_1_last_used_date' does not match ISO-8601 format
  - name: CA10__credReportAccessKey2LastUsed__c
    value:
      DATE_TIME_FROM:
        arg:
          JSON_QUERY_TEXT:
            arg:
              EXTRACT: CA10__credReportAttributesJson__c
            expression: "to_string(access_key_2_last_used_date)"
            undeterminedIf:
              evaluationError: "The JSON query has failed."
              resultTypeMismatch: "The JSON query did not return text type."
        nullValues:
          - "N/A"
        format: ISO_8601
        undeterminedIf:
          # value CAN be empty, for example when password was never used.
          #isEmpty: Value of 'access_key_2_last_used_date' is empty, unexpected data
          invalidFormat: Value of 'access_key_2_last_used_date' does not match ISO-8601 format
  - name: CA10__credReportMfaActive__c
    value:
      BOOLEAN_FROM:
        arg:
          JSON_QUERY_TEXT:
            arg:
              EXTRACT: CA10__credReportAttributesJson__c
            expression: "to_string(mfa_active)"
            undeterminedIf:
              evaluationError: "The JSON query has failed."
              resultTypeMismatch: "The JSON query did not return text type."
        undeterminedIf:
          isEmpty: Credential report 'mfa_active' key is empty, unexpected data
  - name: CA10__credReportPasswordEnabled__c
    value:
      BOOLEAN_FROM:
        arg:
          JSON_QUERY_TEXT:
            arg:
              EXTRACT: CA10__credReportAttributesJson__c
            expression: "to_string(password_enabled)"
            undeterminedIf:
              evaluationError: "The JSON query has failed."
              resultTypeMismatch: "The JSON query did not return text type."
        undeterminedIf:
          isEmpty: Value of 'password_enabled' is empty, unexpected data
  - name: CA10__credReportPasswordLastChanged__c
    value:
      DATE_TIME_FROM:
        arg:
          JSON_QUERY_TEXT:
            arg:
              EXTRACT: CA10__credReportAttributesJson__c
            expression: "to_string(password_last_changed)"
            undeterminedIf:
              evaluationError: "The JSON query has failed."
              resultTypeMismatch: "The JSON query did not return text type."
        nullValues:
            - "N/A"
        format: ISO_8601
        undeterminedIf:
          # value CAN be empty, for example when password was never changed.
          #isEmpty: Value of 'password_last_changed' is empty, unexpected data
          invalidFormat: Value of 'password_last_changed' does not match ISO-8601 format
  - name: CA10__credReportAccessKey1LastRotated__c
    value:
      DATE_TIME_FROM:
        arg:
          JSON_QUERY_TEXT:
            arg:
              EXTRACT: CA10__credReportAttributesJson__c
            expression: "to_string(access_key_1_last_rotated)"
            undeterminedIf:
              evaluationError: "The JSON query has failed."
              resultTypeMismatch: "The JSON query did not return text type."
        nullValues:
            - "N/A"
        format: ISO_8601
        undeterminedIf:
          # value CAN be empty, for example when key was never changed.
          #isEmpty: Value of 'access_key_1_last_rotated' is empty, unexpected data
          invalidFormat: Value of 'access_key_1_last_rotated' does not match ISO-8601 format
  - name: CA10__credReportAccessKey2LastRotated__c
    value:
      DATE_TIME_FROM:
        arg:
          JSON_QUERY_TEXT:
            arg:
              EXTRACT: CA10__credReportAttributesJson__c
            expression: "to_string(access_key_2_last_rotated)"
            undeterminedIf:
              evaluationError: "The JSON query has failed."
              resultTypeMismatch: "The JSON query did not return text type."
        nullValues:
            - "N/A"
        format: ISO_8601
        undeterminedIf:
          # value CAN be empty, for example when key was never changed.
          #isEmpty: Value of 'access_key_2_last_rotated' is empty, unexpected data
          invalidFormat: Value of 'access_key_2_last_rotated' does not match ISO-8601 format