Ensure that your existing IAM users are either being used for API access or for console access in order to reduce the risk of unauthorized access in case their credentials (access keys or passwords) are compromised.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Segregating the IAM users in your account by controlling their privileges will help you maintain a secure AWS environment. Cloud Conformity strongly recommends granting your IAM users the minimum amount of privileges necessary to perform the assigned task. Application users should use only access keys to programmatically access data in AWS and administrators who need console access should use only passwords to manage AWS resources.
To determine if your IAM users have both access keys and passwords assigned for authentication, perform the following:
Case A: To modify the access configuration by disabling the authentication via access keys for the required IAM users, perform the following:
Case B: To modify the access configuration by disabling the authentication via passwords for the required IAM users, perform the following: