https://github.com/kloudle/aws-iam-large-account-security
Security insights for AWS IAM in large-scale accounts (20K+ users), bypassing CSPM limitations.
- Host: GitHub
- URL: https://github.com/kloudle/aws-iam-large-account-security
- Owner: Kloudle
- Created: 2025-03-13T05:08:17.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2025-03-17T06:55:35.000Z (over 1 year ago)
- Last Synced: 2025-03-25T00:48:13.734Z (over 1 year ago)
- Topics: aws, cloud-security, cspm, iam, identity-access-management, misconfiguration, security-automation, security-scanner
- Homepage: https://kloudle.com/blog/kloudle-wins-digitalocean-enterprise-customer-unique-iam-capability/
- Size: 5.86 KB
- Stars: 7
- Watchers: 2
- Forks: 0
- Open Issues: 0
README
# AWS IAM Security at Scale
## The Problem: AWS IAM Limitations
Most **Cloud Security Posture Management (CSPM)** tools rely on `iam:GenerateCredentialReport` to fetch IAM user details. However, this API **fails** in AWS accounts with **large IAM user bases** (e.g., 20,000+ users), causing:
- **Missed IAM misconfigurations**
- **Blind spots in security audits**
- **Unmonitored access risks**
AWS's current hard limit allows a **maximum of 5000 IAM users per account**, but what happens when an enterprise **has 25,000+ users**?
**Kloudle solved this.**
---
## Our Breakthrough: IAM Security for Large AWS Accounts
We bypassed **AWS's API limitations** to provide IAM misconfiguration detection **at any scale.**
Instead of relying on `iam:GenerateCredentialReport`, we **dynamically query AWS APIs** to fetch IAM data **without limits.**
This uncovered **critical IAM risks** that CSPM tools **miss** in large accounts.
### Misconfigurations We Detect
Our method identified **high-impact security flaws**, such as:
1. **Users with multiple active access keys**
   - Attackers can maintain access even after a breach.
   - **APIs used:** `aws iam list-users`, `aws iam list-access-keys`
2. **Stale IAM keys (not rotated in 90+ days)**
   - Prolonged attack surface, compliance failures.
   - **APIs used:** `aws iam list-users`, `aws iam list-access-keys`
3. **Unused IAM keys (last used >90 days ago)**
   - Forgotten keys pose **high-risk** entry points.
   - **APIs used:** `aws iam get-access-key-last-used`
4. **Users with password login but NO MFA**
   - **One stolen password = full account compromise.**
   - **APIs used:** `aws iam list-users`, `aws iam list-mfa-devices`
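The four checks above, implemented over the listed APIs as an added example (not the Kloudle tool's own code). It walks users with boto3 paginators rather than a credential report; the 90-day threshold, the finding labels, and the use of `PasswordLastUsed` as a console-password signal are assumptions, and the boto3 client is injected so the checks run offline against caller-supplied records.

```python
from datetime import datetime, timedelta, timezone

STALE_DAYS = 90  # rotation / last-use threshold applied by the checks above

def audit_user(user, access_keys, last_used, mfa_devices, now):
    """Apply the four checks to one user; returns a list of finding labels.
    user: iam:ListUsers entry; access_keys: iam:ListAccessKeys metadata;
    last_used: {AccessKeyId: LastUsedDate or None} from iam:GetAccessKeyLastUsed;
    mfa_devices: iam:ListMFADevices entries."""
    findings = []
    cutoff = now - timedelta(days=STALE_DAYS)
    active = [k for k in access_keys if k["Status"] == "Active"]
    if len(active) > 1:
        findings.append("multiple_active_keys")
    for key in active:
        key_id = key["AccessKeyId"]
        if key["CreateDate"] < cutoff:
            findings.append(f"stale_key:{key_id}")
        used = last_used.get(key_id)
        if used is None or used < cutoff:  # never used counts as unused
            findings.append(f"unused_key:{key_id}")
    # PasswordLastUsed only appears for users who have signed in with a console
    # password; iam:GetLoginProfile is the authoritative check (assumed proxy).
    if "PasswordLastUsed" in user and not mfa_devices:
        findings.append("password_without_mfa")
    return findings

def collect_findings(iam, now=None):
    """Walk every user with paginators instead of a credential report.
    `iam` is a boto3 IAM client (boto3.client("iam")), injected so the checks
    can also be exercised offline against constructed records."""
    now = now or datetime.now(timezone.utc)
    results = {}
    for page in iam.get_paginator("list_users").paginate():
        for user in page["Users"]:
            name = user["UserName"]
            keys = [k for p in iam.get_paginator("list_access_keys").paginate(UserName=name)
                    for k in p["AccessKeyMetadata"]]
            # One GetAccessKeyLastUsed call per key: expect throttling at 20K+ users.
            last_used = {k["AccessKeyId"]: iam.get_access_key_last_used(
                AccessKeyId=k["AccessKeyId"])["AccessKeyLastUsed"].get("LastUsedDate")
                for k in keys}
            mfa = [d for p in iam.get_paginator("list_mfa_devices").paginate(UserName=name)
                   for d in p["MFADevices"]]
            findings = audit_user(user, keys, last_used, mfa, now)
            if findings:
                results[name] = findings
    return results
```

`collect_findings(boto3.client("iam"))` returns `{user_name: [finding, ...]}` for only the users with at least one finding.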
---
## Why This Matters
AWS IAM security is **not one-size-fits-all.**
Enterprise-scale AWS accounts **break traditional security tools.**
By dynamically querying AWS APIs **without relying on credential reports**, we offer:
- **Security for AWS accounts with 20,000+ IAM users**
- **Deep visibility beyond CSPM limitations**
- **Real-time IAM risk detection without API failures**
---
## π Additional Resources
- **Read more:** [Kloudle's Blog on IAM Security](https://kloudle.com/blog/kloudle-wins-digitalocean-enterprise-customer-unique-iam-capability/)
- **Join the Discussion:** [Open an issue](https://github.com/Kloudle/aws-iam-large-account-security/issues) if you've faced similar IAM challenges!
---
**Securing AWS at Scale. One IAM risk at a time.**