Identify and manage any access keys over a certain age.
Access keys are static credentials that can be quite easy to lose either accidentally or in attack. For example, they can be exposed in application code, or when stored on a local file system. This Op finds access keys older than a certain age and allows you to either revoke the keys or quarantine the associated user identity.
Supported Issue Types:
User _name_ has a stale access key
- The user _name_ has an access key that is _n_ days old.
- Revoke the access key
- Add the user to the quarantine group
Fashion App’s Faux Pas: Open Buckets of (21) Buttons TL; DR: Leaving their S3 buckets exposed, fashion-focused social app, 21 Buttons, is caught with their pants down. Because it had nothing to do with
In our last post, we walked through the console and highlighted making the most of the Security Hub console and some tips and tricks to make it more useful. Today I want to dive into one of the best parts of Security Hub — taking actions on events and findings.