steampipe plugin install aws

Table: aws_iam_access_key - Query AWS IAM Access Keys using SQL

AWS Identity and Access Management (IAM) access keys are long-term credentials for an IAM user or the AWS account root user. Each key consists of an access key ID and a secret access key; the secret access key is used together with the access key ID to cryptographically sign programmatic AWS requests for authentication. Managing access keys appropriately helps protect your AWS resources from unauthorized access.

Table Usage Guide

The aws_iam_access_key table in Steampipe provides you with information about IAM Access Keys within AWS Identity and Access Management (IAM). This table lets you, as a DevOps engineer, query access key-specific details, including the access key ID, status, creation date, and more. You can utilize this table to gather insights on access keys, such as their current status (active/inactive), the IAM user they are associated with, and their creation date. The schema outlines the various attributes of the IAM Access Key for you, including the access key ID, status, creation date, and the IAM user to which it belongs.

Examples

List of access keys with their corresponding user name and date of creation

List each access key with the IAM user it belongs to and the date it was created, to help manage and monitor AWS IAM security credentials effectively.

select
  access_key_id,
  user_name,
  create_date
from
  aws_iam_access_key;

List of access keys which are inactive

Identify the AWS IAM access keys whose status is Inactive. This can be useful for identifying unused keys, potentially improving security by reducing the number of keys left in your system.

select
  access_key_id,
  user_name,
  status
from
  aws_iam_access_key
where
  status = 'Inactive';

Access key count by user name

Determine the number of access keys associated with each user in your AWS IAM service. This can be useful for understanding how access is distributed across your users, potentially highlighting areas where access can be consolidated or better managed.

select
  user_name,
  count(access_key_id) as access_key_count
from
  aws_iam_access_key
group by
  user_name;
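
Active access keys that are overdue for rotation or show no recent use

The examples above can be combined with the last-used columns listed in the schema to audit credential hygiene. The following query is an added example, not part of the Steampipe documentation; the 90-day thresholds and the treatment of a NULL last-used date as "no recorded use" are assumptions to adjust to your own policy.

```sql
-- Added example (not from the Steampipe documentation).
-- Flags Active keys that are old or have no recent recorded use.
-- Assumption: 90 days is the rotation and inactivity threshold.
-- Assumption: a NULL access_key_last_used_date means no recorded use.
with keys as (
  select
    account_id,
    user_name,
    access_key_id,
    create_date,
    access_key_last_used_date,
    access_key_last_used_service,
    access_key_last_used_region,
    -- now() - timestamptz yields an interval in days, so 'day' is the full age
    date_part('day', now() - create_date) as age_days
  from
    aws_iam_access_key
  where
    status = 'Active'
)
select
  account_id,
  user_name,
  access_key_id,
  age_days,
  access_key_last_used_date,
  access_key_last_used_service,
  access_key_last_used_region,
  case
    when access_key_last_used_date is null then 'no recorded use'
    when access_key_last_used_date < now() - interval '90 days' then 'unused for 90+ days'
    else 'rotation overdue'
  end as finding
from
  keys
where
  age_days > 90
  or access_key_last_used_date is null
  or access_key_last_used_date < now() - interval '90 days'
order by
  age_days desc;
```

A recently created key can legitimately appear as 'no recorded use'; check age_days before deactivating it.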

Schema for aws_iam_access_key

| Name | Type | Operators | Description |
| --- | --- | --- | --- |
| _ctx | jsonb | | Steampipe context in JSON form. |
| access_key_id | text | | The ID for this access key. |
| access_key_last_used_date | timestamp with time zone | | The date when the access key was last used. |
| access_key_last_used_region | text | | The region in which the access key was last used. |
| access_key_last_used_service | text | | The service last used by the access key. |
| account_id | text | =, !=, ~~, ~~*, !~~, !~~* | The AWS Account ID in which the resource is located. |
| akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
| create_date | timestamp with time zone | | The date when the access key was created. |
| partition | text | | The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov). |
| region | text | | The AWS Region in which the resource is located. |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |
| status | text | | The status of the access key. Active means that the key is valid for API calls; Inactive means it is not. |
| title | text | | Title of the resource. |
| user_name | text | = | The name of the IAM user that the key is associated with. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_iam_access_key