Steampipe mods are now Powerpipe →
Powerpipe Hub 
Hub
Mods
turbot/aws_compliance
Overview
26Dashboards
1161Controls
568Queries
2Variables
GitHub

Query: iam_user_access_key_unused_45

Usage

powerpipe query aws_compliance.query.iam_user_access_key_unused_45

Steampipe Tables

aws_iam_credential_report
Amazon Web Services plugin

SQL

select
  user_arn as resource,
  case
    when not access_key_1_active then 'ok'
    when access_key_1_active
    and access_key_1_last_used_date is null then 'alarm'
    when access_key_1_active
    and access_key_1_last_used_date < (current_date - interval '45' day) then 'alarm'
    when not access_key_2_active then 'ok'
    when access_key_2_active
    and access_key_2_last_used_date is null then 'alarm'
    when access_key_2_active
    and access_key_2_last_used_date < (current_date - interval '45' day) then 'alarm'
    else 'ok'
  end as status,
  user_name || case
    when not access_key_1_active then ' key 1 not enabled,'
    when access_key_1_active
    and access_key_1_last_used_date is null then ' key 1 created ' || to_char(access_key_1_last_rotated, 'DD-Mon-YYYY') || ' never used,'
    else ' key 1 used ' || to_char(access_key_1_last_used_date, 'DD-Mon-YYYY') || ','
  end || case
    when not access_key_2_active then ' key 2 not enabled.'
    when access_key_2_active
    and access_key_2_last_used_date is null then ' key 2 created ' || to_char(access_key_2_last_rotated, 'DD-Mon-YYYY') || ' never used.'
    else ' key 2 used ' || to_char(access_key_2_last_used_date, 'DD-Mon-YYYY') || '.'
  end as reason,
  account_id
from
  aws_iam_credential_report;

Controls

The query is being used by the following controls: