package iam

import (
	"time"

	"github.com/khulnasoft-lab/defsec/internal/rules"
	"github.com/khulnasoft-lab/defsec/pkg/framework"
	"github.com/khulnasoft-lab/defsec/pkg/providers"
	"github.com/khulnasoft-lab/defsec/pkg/scan"
	"github.com/khulnasoft-lab/defsec/pkg/severity"
	"github.com/khulnasoft-lab/defsec/pkg/state"
)

// checkLimitRootAccountUsage registers AVD-AWS-0140: it inspects the IAM user
// named "root" and reports a finding when that user's last recorded access
// falls within the 24 hours preceding the scan. The rule is mapped to CIS AWS
// 1.2 control 1.1 and CIS AWS 1.4 control 1.7.
var checkLimitRootAccountUsage = rules.Register(
	scan.Rule{
		AVDID:     "AVD-AWS-0140",
		Provider:  providers.AWSProvider,
		Service:   "iam",
		ShortCode: "limit-root-account-usage",
		Frameworks: map[framework.Framework][]string{
			framework.Default:     nil,
			framework.CIS_AWS_1_2: {"1.1"},
			framework.CIS_AWS_1_4: {"1.7"},
		},
		Summary:    "The \"root\" account has unrestricted access to all resources in the AWS account. It is highly\nrecommended that the use of this account be avoided.",
		Impact:     "Compromise of the root account compromises the entire AWS account and all resources within it.",
		Resolution: "Use lower privileged accounts instead, so only required privileges are available.",
		Explanation: `
The root user has unrestricted access to all services and resources in an AWS account. We highly recommend that you avoid using the root user for daily tasks. Minimizing the use of the root user and adopting the principle of least privilege for access management reduce the risk of accidental changes and unintended disclosure of highly privileged credentials.
`,
		Links: []string{
			"https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html",
		},
		Severity: severity.Low,
	},
	// The check walks the IAM users once; only the first user named "root" is
	// evaluated (the loop stops after it), so at most one result is produced.
	func(s *state.State) (results scan.Results) {
		for _, u := range s.AWS.IAM.Users {
			if !u.Name.EqualTo("root") {
				continue
			}
			// Any access strictly after this instant counts as recent root usage.
			cutoff := time.Now().Add(-24 * time.Hour)
			if u.LastAccess.After(cutoff) {
				results.Add("The root user logged in within the last 24 hours", u.LastAccess)
			} else {
				// NOTE(review): a LastAccess that is unset/unresolved presumably does not
				// satisfy After(cutoff) and is therefore recorded as a pass — confirm this
				// is the intended outcome for a root user with no recorded sign-in.
				results.AddPassed(&u)
			}
			break
		}
		return results
	},
)