AWS-IAM-Canary-Keys-Used

Severity : High

Description : This control ensures that access keys created for canaries are configured to raise a CloudWatch alarm from CloudTrail events. Canaries are scripts written in Node.js or Python and offer programmatic access to resources. Canary keys are associated with an IAM user with very limited privilege. Canary access keys can be created with limited permissions and then used to detect when a potential breach occurs. It is recommended to monitor key usage so that malicious use is identified and a notification is raised, allowing the access to be blocked.

Remediation Steps : Create a canary access key and provide its IAM user to CloudSploit. If CloudSploit detects that the account is in use, it will trigger a failure.
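The detection side of this control, as an added example (not Blue Hexagon's or CloudSploit's code): it builds the CloudWatch Logs metric-filter pattern that matches CloudTrail records carrying a canary access key ID, and applies the same check offline to a constructed CloudTrail export. The key IDs, user names and log records below are constructed placeholders.

```python
"""Flag CloudTrail events that show a canary access key being used."""
import json

# Constructed canary key IDs (placeholders) mapped to their IAM user names.
CANARY_KEYS = {"AKIACANARY0000000001": "canary-user-1"}

# Constructed sample CloudTrail log (a "Records" array as delivered to S3).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-05-01T10:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "IAMUser", "userName": "canary-user-1",
                      "accessKeyId": "AKIACANARY0000000001"},
     "errorCode": "AccessDenied"},
    {"eventTime": "2024-05-01T10:05:00Z", "eventSource": "sts.amazonaws.com",
     "eventName": "GetCallerIdentity", "sourceIPAddress": "198.51.100.9",
     "userIdentity": {"type": "IAMUser", "userName": "deploy-bot",
                      "accessKeyId": "AKIAEXAMPLE000000002"}},
]})


def metric_filter_pattern(canary_keys=CANARY_KEYS):
    """CloudWatch Logs JSON filter pattern for a metric filter on the
    CloudTrail log group; alarm on the metric with threshold >= 1."""
    terms = [f'($.userIdentity.accessKeyId = "{k}")' for k in sorted(canary_keys)]
    return "{ " + " || ".join(terms) + " }"


def canary_alerts(cloudtrail_json, canary_keys=CANARY_KEYS):
    """Return one alert dict per record that used a canary key or its user.

    Any use counts, including denied calls: the canary has no legitimate
    caller, so even a failed call means the key has been captured."""
    alerts = []
    for rec in json.loads(cloudtrail_json).get("Records", []):
        ident = rec.get("userIdentity", {})
        key_id, user = ident.get("accessKeyId"), ident.get("userName")
        if key_id in canary_keys or user in canary_keys.values():
            alerts.append({
                "time": rec.get("eventTime"),
                "user": user,
                "access_key_id": key_id,
                "action": f"{rec.get('eventSource')}:{rec.get('eventName')}",
                "source_ip": rec.get("sourceIPAddress"),
                "denied": rec.get("errorCode") == "AccessDenied",
            })
    return alerts


if __name__ == "__main__":
    print("metric filter:", metric_filter_pattern())
    for alert in canary_alerts(SAMPLE_LOG):
        print("CANARY KEY USED:", alert)
```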

Blue Hexagon Proprietary