
IAM

ZeusCloud provides the following security rules for AWS IAM:

  • User access keys should be rotated every 90 days or less
  • Access keys should not be set up at initial user setup for IAM users with passwords
  • IAM credentials (access keys and passwords) unused for 90 days or more should be disabled
  • Expired SSL/TLS certificates stored in AWS IAM should be removed
  • MFA should be enabled for all IAM users with a console password
  • IAM groups, users, and roles should not have any inline policies
  • No root account access keys should exist
  • Full ’*’ administrative privileges shouldn’t be allowed through IAM policies
  • IAM policies should not be connected to IAM users, but rather groups and roles
  • Password policy should expire passwords within 90 days or less
  • Password policy should require at least one lowercase character
  • Password policy should require a minimum length of at least 14
  • Password policy should require at least one number character
  • Password policy should prevent password reuse (24 or greater)
  • Password policy should require at least one symbol character
  • Password policy should require at least one uppercase character
  • Root account should not be actively used
  • MFA should be enabled for the root account
  • An IAM user, group, or role should have specific permissions to coordinate AWS support
  • IAM users should each have at most one active access key
  • Each IAM user should be associated with at least 1 group