feat(iam): improve disable credentials checks (#2909)

2026-02-10 14:55:00 +00:00 · 2023-10-06 11:41:04 +02:00
parent 3955450245
commit e610c2514d
43 changed files with 693 additions and 1741 deletions
--- a/tests/providers/aws/lib/security_hub/fixtures/metadata.json
+++ b/tests/providers/aws/lib/security_hub/fixtures/metadata.json
@@ -3,8 +3,8 @@
    "cat1",
    "cat2"
  ],
-  "CheckID": "iam_disable_30_days_credentials",
-  "CheckTitle": "Ensure credentials unused for 30 days or greater are disabled",
+  "CheckID": "iam_user_accesskey_unused",
+  "CheckTitle": "Ensure Access Keys unused are disabled",
  "CheckType": [
    "Software and Configuration Checks"
  ],
@@ -25,7 +25,7 @@
    "othercheck1",
    "othercheck2"
  ],
-  "Description": "Ensure credentials unused for 30 days or greater are disabled",
+  "Description": "Ensure Access Keys unused are disabled",
  "Notes": "additional information",
  "Provider": "aws",
  "RelatedTo": [
--- a/tests/providers/aws/lib/security_hub/security_hub_test.py
+++ b/tests/providers/aws/lib/security_hub/security_hub_test.py
@@ -122,7 +122,7 @@ class Test_SecurityHub:
            AWS_REGION_1: [
                {
                    "SchemaVersion": "2018-10-08",
-                    "Id": f"prowler-iam_disable_30_days_credentials-{AWS_ACCOUNT_ID}-{AWS_REGION_1}-ee26b0dd4",
+                    "Id": f"prowler-iam_user_accesskey_unused-{AWS_ACCOUNT_ID}-{AWS_REGION_1}-ee26b0dd4",
                    "ProductArn": f"arn:aws:securityhub:{AWS_REGION_1}::product/prowler/prowler",
                    "RecordState": "ACTIVE",
                    "ProductFields": {
@@ -130,14 +130,14 @@ class Test_SecurityHub:
                        "ProviderVersion": "3.9.0",
                        "ProwlerResourceName": "test",
                    },
-                    "GeneratorId": "prowler-iam_disable_30_days_credentials",
+                    "GeneratorId": "prowler-iam_user_accesskey_unused",
                    "AwsAccountId": f"{AWS_ACCOUNT_ID}",
                    "Types": ["Software and Configuration Checks"],
                    "FirstObservedAt": timestamp_utc.strftime("%Y-%m-%dT%H:%M:%SZ"),
                    "UpdatedAt": timestamp_utc.strftime("%Y-%m-%dT%H:%M:%SZ"),
                    "CreatedAt": timestamp_utc.strftime("%Y-%m-%dT%H:%M:%SZ"),
                    "Severity": {"Label": "LOW"},
-                    "Title": "Ensure credentials unused for 30 days or greater are disabled",
+                    "Title": "Ensure Access Keys unused are disabled",
                    "Description": "test",
                    "Resources": [
                        {