Checks/Aws/Test-IamUserAccesskeyUnused.ps1
|
function Test-IamUserAccesskeyUnused { <# .SYNOPSIS IAM user does not have unused access keys older than 45 days .DESCRIPTION **IAM users** are evaluated for **active access keys** whose `last-used` timestamp exceeds `max_unused_access_keys_days` (default `45`). Users without access keys, or whose keys were used within this window, are reported separately. .PARAMETER Check CIEMCheck object containing check metadata. #> [CmdletBinding()] [OutputType([PSCustomObject[]])] param( [Parameter(Mandatory)] [CIEMCheck]$Check ) $ErrorActionPreference = 'Stop' # TODO: Implement check logic based on Prowler check: iam_user_accesskey_unused [CIEMScanResult]::Create($Check, 'MANUAL', 'This check requires manual implementation. See Prowler check iam_user_accesskey_unused for reference.', 'N/A', 'iam Resources') } |