ADA-CP 2.7.1 "Ensure no 'root' user account access key exists" #1683
Comments
|
The ADA-CP requirement is ambiguous; while their title and AWS CLI investigation procedure prohibit inactive root API keys, their AWS Console investigation procedure allows them. This issue is tracked at appdefensealliance/ASA-WG#138. I expect them to resolve it in favour of the not permitting inactive root API keys, but if they go the other way we can ditch this rule in favour of "iam-root-account-with-active-keys". |
|
i have been finding it difficult to access my User account, i don't know what really happened it wont let me access, and i 've tried to access it back severally it won't let me access, hopefully i got assisted by xiaospy1 platform on TikTok, they usually render massive and successful recovery & hacking jobs, i was so thankful to them when my issues was fixed. |
Is your feature request related to a problem? Please describe.
The App Defense Alliance Cloud Profile requires a check that no root user API keys exist. This is very similar to the existing rule "iam-root-account-with-active-keys", except that ADA-CP also prohibits inactive root API keys.
Describe the solution you'd like
Implement the check as documented at https://github.com/appdefensealliance/ASA-WG/blob/v1.0/Cloud%20App%20and%20Config%20Profile/Cloud%20App%20and%20Config%20Test%20Guide.md#271-ensure-no-root-user-account-access-key-exists.
The text was updated successfully, but these errors were encountered: