Skip to main content

UsersWithConsoleLoginAndAccessKeyStatCard

Users with Console Login Password and Access Key Enabled

Overview

The "Users with Console Login Password and Access Key Enabled" widget identifies IAM users who have both console login passwords and active access keys. This can increase the risk of credential compromise, especially if users do not need both methods for accessing AWS resources.

Why It Matters

For IT Engineers:

  1. Access Management:
    • Helps ensure that only users who require both access methods have them enabled, preventing unnecessary exposure of credentials.
  2. Operational Efficiency:
    • Allows IT teams to streamline user access configurations, ensuring that accounts follow the least privilege principle.
  3. Resource Optimization:
    • By identifying users with both password and access key enabled, IT engineers can adjust permissions accordingly to reduce redundancy.

For Security Engineers:

  1. Security Risk:
    • Users with both access keys and passwords enabled may present an increased risk of credential theft, particularly if either method is compromised.
  2. Access Control:
    • Flags users who may have excessive or unnecessary access mechanisms, helping to enforce the principle of least privilege.
  3. Compliance:
    • Ensures that users' credentials are appropriately managed and aligned with the organization's security policies.