An open API service indexing awesome lists of open source software.

https://github.com/kloudle/aws-iam-large-account-security

Security insights for AWS IAM in large-scale accounts (20K+ users), bypassing CSPM limitations.
https://github.com/kloudle/aws-iam-large-account-security

aws cloud-security cspm iam identity-access-management misconfiguration security-automation security-scanner

Last synced: about 1 year ago
JSON representation

Security insights for AWS IAM in large-scale accounts (20K+ users), bypassing CSPM limitations.

Awesome Lists containing this project

README

          

# AWS IAM Security at Scale πŸš€

## πŸ›‘ The Problem: AWS IAM Limitations

Most **Cloud Security Posture Management (CSPM)** tools rely on `iam:GenerateCredentialReport` to fetch IAM user details. However, this API **fails** in AWS accounts with **large IAM user bases** (e.g., 20,000+ users), causing:

- **Missed IAM misconfigurations** 🚨
- **Blind spots in security audits** πŸ•΅οΈ
- **Unmonitored access risks** πŸ”“

AWS's current hard limit allows a **maximum of 5000 IAM users per account**β€”but what happens when an enterprise **has 25,000+ users**?

πŸ‘‰ **Kloudle solved this.**

---

## πŸ”₯ Our Breakthrough: IAM Security for Large AWS Accounts

We bypassed **AWS’s API limitations** to provide IAM misconfiguration detection **at any scale.**
Instead of relying on `iam:GenerateCredentialReport`, we **dynamically query AWS APIs** to fetch IAM data **without limits.**

This uncovered **critical IAM risks** that CSPM tools **miss** in large accounts.

### βœ… **Misconfigurations We Detect**
Our method identified **high-impact security flaws**, such as:

1️⃣ **Users with multiple active access keys**
- Attackers can maintain access even after a breach.
- **APIs used:** `aws iam list-users`, `aws iam list-access-keys`

2️⃣ **Stale IAM keys (not rotated in 90+ days)**
- Prolonged attack surface, compliance failures.
- **APIs used:** `aws iam list-users`, `aws iam list-access-keys`

3️⃣ **Unused IAM keys (last used >90 days ago)**
- Forgotten keys pose **high-risk** entry points.
- **APIs used:** `aws iam get-access-key-last-used`

4️⃣ **Users with password login but NO MFA**
- **One stolen password = full account compromise.**
- **APIs used:** `aws iam list-users`, `aws iam list-mfa-devices`

---

## πŸ† **Why This Matters**
AWS IAM security is **not one-size-fits-all.**
Enterprise-scale AWS accounts **break traditional security tools.**

By dynamically querying AWS APIs **without relying on credential reports**, we offer:

βœ… **Security for AWS accounts with 20,000+ IAM users**
βœ… **Deep visibility beyond CSPM limitations**
βœ… **Real-time IAM risk detection without API failures**

---

## πŸ“š Additional Resources

- **Read more:** [Kloudle’s Blog on IAM Security](https://kloudle.com/blog/kloudle-wins-digitalocean-enterprise-customer-unique-iam-capability/)
- **Join the Discussion:** [Open an issue](https://github.com/Kloudle/aws-iam-large-account-security/issues) if you've faced similar IAM challenges!

---

πŸš€ **Securing AWS at Scale. One IAM risk at a time.**