feat(iam_checks): add several checks for iam (#1264)

* feat(extra71): add iam_administrator_access_with_mfa check.

* feat(checks): add extra7125 and extra7123

* feat(checks): add check14

* feat(checks): add check112

* feat(checks): add check11

* feat(checks): add check114 and check113

* feat(checks): add check12

* feat(classes): add IAM classess.

* Update iam_root_hardware_mfa_enabled.py

* fix(comments): Resolve comments.

Co-authored-by: sergargar <sergio@verica.io>

providers/aws/services/iam/iam_disable_30_days_credentials/iam_disable_30_days_credentials.metadata.json

@@ -1,56 +1,35 @@
 {
-  "Categories": [
-    "cat1",
-    "cat2"
-  ],
+  "Categories": [],
   "CheckAlias": "extra774",
   "CheckID": "iam_disable_30_days_credentials",
   "CheckName": "iam_disable_30_days_credentials",
   "CheckTitle": "Ensure credentials unused for 30 days or greater are disabled",
   "CheckType": "Software and Configuration Checks",
-  "Compliance": [
-    {
-      "Control": [
-        "4.4"
-      ],
-      "Framework": "CIS-AWS",
-      "Group": [
-        "level1",
-        "level2"
-      ],
-      "Version": "1.4"
-    }
-  ],
-  "DependsOn": [
-    "othercheck1",
-    "othercheck2"
-  ],
+  "Compliance": [],
+  "DependsOn": [],
   "Description": "Ensure credentials unused for 30 days or greater are disabled",
-  "Notes": "additional information",
+  "Notes": "",
   "Provider": "aws",
-  "RelatedTo": [
-    "othercheck3",
-    "othercheck4"
-  ],
-  "RelatedUrl": "https://serviceofficialsiteorpageforthissubject",
+  "RelatedTo": [],
+  "RelatedUrl": "",
   "Remediation": {
     "Code": {
-      "CLI": "cli command or URL to the cli command location.",
-      "NativeIaC": "code or URL to the code location.",
-      "Other": "cli command or URL to the cli command location.",
-      "Terraform": "code or URL to the code location."
+      "CLI": "",
+      "NativeIaC": "",
+      "Other": "",
+      "Terraform": ""
     },
     "Recommendation": {
-      "Text": "Run sudo yum update and cross your fingers and toes.",
-      "Url": "https://myfp.com/recommendations/dangerous_things_and_how_to_fix_them.html"
+      "Text": "Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.",
+      "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html"
     }
   },
   "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
-  "ResourceType": "AwsIamAccessAnalyzer",
-  "Risk": "Risk associated.",
+  "ResourceType": "AwsIamUser",
+  "Risk": "To increase the security of your AWS account; remove IAM user credentials (that is; passwords and access keys) that are not needed. For example; when users leave your organization or no longer need AWS access.",
   "ServiceName": "iam",
-  "Severity": "low",
-  "SubServiceName": "accessanalyzer",
+  "Severity": "medium",
+  "SubServiceName": "",
   "Tags": {
     "Tag1Key": "value",
     "Tag2Key": "value"

providers/aws/services/iam/iam_disable_30_days_credentials/iam_disable_30_days_credentials.py

@@ -1,4 +1,4 @@
-from datetime import datetime
+import datetime
 
 from lib.check.models import Check, Check_Report
 from providers.aws.services.iam.iam_service import iam_client
@@ -14,34 +14,38 @@ class iam_disable_30_days_credentials(Check):
         if response:
             for user in response:
                 report = Check_Report(self.metadata)
-                report.resource_id = user["UserName"]
-                report.resource_arn = user["Arn"]
+                report.resource_id = user.name
+                report.resource_arn = user.arn
                 report.region = "us-east-1"
-                if "PasswordLastUsed" in user and user["PasswordLastUsed"] != "":
+                if user.password_last_used and user.password_last_used != "":
                     try:
                         time_since_insertion = (
-                            datetime.datetime.now(datetime.timezone.utc)
-                            - user["PasswordLastUsed"]
+                            datetime.datetime.now()
+                            - datetime.datetime.strptime(
+                                user.password_last_used, "%Y-%m-%dT%H:%M:%S+00:00"
+                            )
                         )
                         if time_since_insertion.days > maximum_expiration_days:
                             report.status = "FAIL"
-                            report.status_extended = f"User {user['UserName']} has not logged into the console in the past 30 days"
+                            report.status_extended = f"User {user.name} has not logged into the console in the past 30 days."
                         else:
                             report.status = "PASS"
-                            report.status_extended = f"User {user['UserName']} has logged into the console in the past 30 days"
+                            report.status_extended = f"User {user.name} has logged into the console in the past 30 days."
 
                     except KeyError:
                         pass
                 else:
                     report.status = "PASS"
-                    report.status_extended = f"User {user['UserName']} has not a console password or is unused."
+                    report.status_extended = (
+                        f"User {user.name} has not a console password or is unused."
+                    )
 
                 # Append report
                 findings.append(report)
         else:
             report = Check_Report(self.metadata)
             report.status = "PASS"
-            report.status_extended = "There is no IAM users"
+            report.status_extended = "There is no IAM users."
             report.region = iam_client.region
             findings.append(report)