No known compromised AWS IAM user should be present in the account


Description

Ensure that no known compromised IAM users are present in your AWS account. When AWS identifies compromised IAM user credentials, it attaches the managed policy AWSCompromisedKeyQuarantineV2 to the user, which blocks commonly abused actions, and typically opens a support case. When this happens, make sure the user is removed or its credentials are disabled.

Note: This rule only triggers if the IAM user has active programmatic credentials.

Remediation

Follow the Rotating access keys AWS documentation to disable the compromised access key, and create a new one. You can also follow the AWS incident response playbook and the AWS incident response guide to assess the impact of the compromised credentials.
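The following is an added example, not code from this page or from AWS: it implements the rule's condition (quarantine policy attached and at least one Active access key) as a pure check over data shaped like the IAM List* API responses, and the first remediation step (setting the flagged keys to Inactive). The user names and key ids in the sample data are constructed; `collect_from_aws` assumes boto3 and IAM list permissions and is only needed against a live account.

```python
# Added example, not from the rule page: flag IAM users that carry AWS's
# quarantine policy and still hold active access keys, then disable those keys.
QUARANTINE_POLICY_ARN = "arn:aws:iam::aws:policy/AWSCompromisedKeyQuarantineV2"


def find_quarantined_users(users, attached_policies, access_keys):
    """Return [(user, [active key ids])] for each user violating the rule.
    attached_policies: user -> list of policy ARNs (iam:ListAttachedUserPolicies)
    access_keys: user -> list of (AccessKeyId, Status); all-Inactive users are not flagged."""
    findings = []
    for name in users:
        quarantined = QUARANTINE_POLICY_ARN in attached_policies.get(name, [])
        active = [k for k, status in access_keys.get(name, []) if status == "Active"]
        if quarantined and active:
            findings.append((name, active))
    return findings


def disable_active_keys(iam, findings):
    """Remediation: set each flagged key Inactive via iam:UpdateAccessKey (boto3 client or a test double)."""
    disabled = []
    for user, keys in findings:
        for key_id in keys:
            iam.update_access_key(UserName=user, AccessKeyId=key_id, Status="Inactive")
            disabled.append((user, key_id))
    return disabled


def collect_from_aws():
    """Gather the inputs from a live account; boto3 is imported lazily so the rest runs offline."""
    import boto3
    iam = boto3.client("iam")
    users = [u["UserName"] for p in iam.get_paginator("list_users").paginate() for u in p["Users"]]
    policies, keys = {}, {}
    for u in users:
        pages = iam.get_paginator("list_attached_user_policies").paginate(UserName=u)
        policies[u] = [a["PolicyArn"] for p in pages for a in p["AttachedPolicies"]]
        pages = iam.get_paginator("list_access_keys").paginate(UserName=u)
        keys[u] = [(k["AccessKeyId"], k["Status"]) for p in pages for k in p["AccessKeyMetadata"]]
    return users, policies, keys


# Constructed sample data (fake users and key ids) so the check runs offline.
SAMPLE_USERS = ["ci-deploy", "alice", "legacy-bot"]
SAMPLE_POLICIES = {"ci-deploy": ["arn:aws:iam::aws:policy/ReadOnlyAccess", QUARANTINE_POLICY_ARN],
                   "alice": ["arn:aws:iam::aws:policy/ReadOnlyAccess"],
                   "legacy-bot": [QUARANTINE_POLICY_ARN]}
SAMPLE_KEYS = {"ci-deploy": [("AKIAEXAMPLE0000001", "Active"), ("AKIAEXAMPLE0000002", "Inactive")],
               "alice": [("AKIAEXAMPLE0000003", "Active")],
               "legacy-bot": [("AKIAEXAMPLE0000004", "Inactive")]}
```

On the sample data only `ci-deploy` is reported: `alice` is not quarantined and `legacy-bot` has no active key, matching the note that the rule only triggers on active programmatic credentials.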