feat(iam_checks): add several checks for iam (#1264)

* feat(extra71): add iam_administrator_access_with_mfa check.

* feat(checks): add extra7125 and extra7123

* feat(checks): add check14

* feat(checks): add check112

* feat(checks): add check11

* feat(checks): add check114 and check113

* feat(checks): add check12

* feat(classes): add IAM classess.

* Update iam_root_hardware_mfa_enabled.py

* fix(comments): Resolve comments.

Co-authored-by: sergargar <sergio@verica.io>

providers/aws/services/iam/iam_disable_90_days_credentials/iam_disable_90_days_credentials.metadata.json

@@ -1,8 +1,5 @@
 {
-  "Categories": [
-    "cat1",
-    "cat2"
-  ],
+  "Categories": [],
   "CheckAlias": "check13",
   "CheckID": "iam_disable_90_days_credentials",
   "CheckName": "iam_disable_90_days_credentials",
@@ -11,46 +8,39 @@
   "Compliance": [
     {
       "Control": [
-        "4.4"
+        "1.3"
       ],
       "Framework": "CIS-AWS",
       "Group": [
-        "level1",
-        "level2"
+        "level1"
       ],
       "Version": "1.4"
     }
   ],
-  "DependsOn": [
-    "othercheck1",
-    "othercheck2"
-  ],
+  "DependsOn": [],
   "Description": "Ensure credentials unused for 90 days or greater are disabled",
-  "Notes": "additional information",
+  "Notes": "",
   "Provider": "aws",
-  "RelatedTo": [
-    "othercheck3",
-    "othercheck4"
-  ],
-  "RelatedUrl": "https://serviceofficialsiteorpageforthissubject",
+  "RelatedTo": [],
+  "RelatedUrl": "",
   "Remediation": {
     "Code": {
-      "CLI": "cli command or URL to the cli command location.",
-      "NativeIaC": "code or URL to the code location.",
-      "Other": "cli command or URL to the cli command location.",
-      "Terraform": "code or URL to the code location."
+      "CLI": "",
+      "NativeIaC": "",
+      "Other": "",
+      "Terraform": ""
     },
     "Recommendation": {
-      "Text": "Run sudo yum update and cross your fingers and toes.",
-      "Url": "https://myfp.com/recommendations/dangerous_things_and_how_to_fix_them.html"
+      "Text": "Find the credentials that they were using and ensure that they are no longer operational. Ideally; you delete credentials if they are no longer needed. You can always recreate them at a later date if the need arises. At the very least; you should change the password or deactivate the access keys so that the former users no longer have access.",
+      "Url": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html"
     }
   },
   "ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
-  "ResourceType": "AwsIamAccessAnalyzer",
-  "Risk": "Risk associated.",
+  "ResourceType": "AwsIamUser",
+  "Risk": "AWS IAM users can access AWS resources using different types of credentials (passwords or access keys). It is recommended that all credentials that have been unused in 90 or greater days be removed or deactivated.",
   "ServiceName": "iam",
-  "Severity": "low",
-  "SubServiceName": "accessanalyzer",
+  "Severity": "medium",
+  "SubServiceName": "",
   "Tags": {
     "Tag1Key": "value",
     "Tag2Key": "value"

providers/aws/services/iam/iam_disable_90_days_credentials/iam_disable_90_days_credentials.py

@@ -1,4 +1,4 @@
-from datetime import datetime
+import datetime
 
 from lib.check.models import Check, Check_Report
 from providers.aws.services.iam.iam_service import iam_client
@@ -15,33 +15,37 @@ class iam_disable_90_days_credentials(Check):
             for user in response:
                 report = Check_Report(self.metadata)
                 report.region = "us-east-1"
-                report.resource_id = user["UserName"]
-                report.resource_arn = user["Arn"]
-                if "PasswordLastUsed" in user and user["PasswordLastUsed"] != "":
+                report.resource_id = user.name
+                report.resource_arn = user.arn
+                if user.password_last_used and user.password_last_used != "":
                     try:
                         time_since_insertion = (
-                            datetime.datetime.now(datetime.timezone.utc)
-                            - user["PasswordLastUsed"]
+                            datetime.datetime.now()
+                            - datetime.datetime.strptime(
+                                user.password_last_used, "%Y-%m-%dT%H:%M:%S+00:00"
+                            )
                         )
                         if time_since_insertion.days > maximum_expiration_days:
                             report.status = "FAIL"
-                            report.status_extended = f"User {user['UserName']} has not logged into the console in the past 90 days"
+                            report.status_extended = f"User {user.name} has not logged into the console in the past 90 days."
                         else:
                             report.status = "PASS"
-                            report.status_extended = f"User {user['UserName']} has logged into the console in the past 90 days"
+                            report.status_extended = f"User {user.name} has logged into the console in the past 90 days."
 
                     except KeyError:
                         pass
                 else:
                     report.status = "PASS"
 
-                    report.status_extended = f"User {user['UserName']} has not a console password or is unused."
+                    report.status_extended = (
+                        f"User {user.name} has not a console password or is unused."
+                    )
                 # Append report
                 findings.append(report)
         else:
             report = Check_Report(self.metadata)
             report.status = "PASS"
-            report.status_extended = "There is no IAM users"
+            report.status_extended = "There is no IAM users."
             report.region = "us-east-1"
             findings.append(report)