Control: 1.5 Ensure no owner account API key exists
API keys, by definition, allow access to your account and the resources in it. An API key inherits all access assigned to the user identity for which it is created, so an API key created by an account owner has account-owner-level access to resources in the account.
To delete an API key, complete the following steps:
- Log in as the account owner at cloud.ibm.com
- In the console, go to Manage -> Access (IAM)
- Click on API keys
- Identify the row of the API key that you want to delete and select Delete from the Actions menu (the List of actions icon on the right-hand side of the row).
- Then, confirm the deletion by clicking Delete.
Run the control in your terminal:
steampipe check ibm_compliance.control.cis_v100_1_5
Snapshot and share results via Steampipe Cloud:
steampipe login
steampipe check --share ibm_compliance.control.cis_v100_1_5
This control uses a named query: iam_account_owner_no_api_key
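The same check can be reproduced offline against an exported API key listing. The following is an added example, not the Steampipe mod's own query or code. It assumes each exported key record carries `id`, `name` and `iam_id` fields and that the operator supplies the account owner's IAM ID; all sample values are constructed.

```python
import json

# Constructed sample: an API key listing exported as JSON.
# The field names (id, name, iam_id) are assumptions made for this example.
SAMPLE_KEYS_JSON = """
[
  {"id": "ApiKey-0001", "name": "ci-deploy",  "iam_id": "IBMid-EXAMPLE-DEV"},
  {"id": "ApiKey-0002", "name": "owner-cli",  "iam_id": "IBMid-EXAMPLE-OWNER"},
  {"id": "ApiKey-0003", "name": "svc-backup", "iam_id": "iam-ServiceId-EXAMPLE"}
]
"""
SAMPLE_OWNER_IAM_ID = "IBMid-EXAMPLE-OWNER"  # constructed placeholder


def owner_api_key_findings(owner_iam_id, api_keys):
    """Return one 'alarm' per API key held by the account owner, an 'error'
    per key whose owner cannot be determined, or a single 'ok' otherwise."""
    if not owner_iam_id:
        raise ValueError("owner IAM ID is required")
    findings = []
    for key in api_keys:
        iam_id = key.get("iam_id")
        label = key.get("name") or key.get("id")
        if iam_id is None:
            # Unattributable keys are reported rather than silently passed.
            findings.append({"resource": key.get("id"), "status": "error",
                             "reason": f"{label}: no iam_id, ownership unknown."})
        elif iam_id == owner_iam_id:
            # The key inherits the owner's access, so it fails the control.
            findings.append({"resource": key.get("id"), "status": "alarm",
                             "reason": f"{label}: API key belongs to the account owner."})
    if not findings:
        findings.append({"resource": owner_iam_id, "status": "ok",
                         "reason": "Account owner has no API key."})
    return findings


if __name__ == "__main__":
    for f in owner_api_key_findings(SAMPLE_OWNER_IAM_ID, json.loads(SAMPLE_KEYS_JSON)):
        print(f["status"], f["resource"], f["reason"])
```

Each `alarm` row identifies a key to remove using the console steps above.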