still there has some issues

Signed-off-by: Hossein Rouhani <[email protected]>
mondoohq · Feb 29, 2024 · ef039f8 · ef039f8
1 parent 3adc50a
commit ef039f8
Show file tree

Hide file tree

Showing 3 changed files with 72 additions and 0 deletions.
diff --git a/providers/aws/resources/aws.lr b/providers/aws/resources/aws.lr
@@ -699,6 +699,8 @@ aws.iam {
   virtualMfaDevices() []aws.iam.virtualmfadevice
   // List of server certificates stored in IAM
   serverCertificates() []dict
+  // Retrieves metadata for IAM access keys
+   accessKeyMetadata() []aws.iam.accessKey
 }
 
 // Entry in AWS IAM credential report
@@ -2588,3 +2590,13 @@ private aws.eks.cluster @defaults("arn version status") {
   // Cluster creation timestamp
   createdAt time
 }
+
+// AWS IAM accessKey definition
+private aws.iam.accessKey {"accessKeyId status"
+  // Access Key ID
+  accessKeyId string
+  // Status of the access key (Active/Inactive)
+  status string
+  // Time when the access key was created
+  createDate time
+}
diff --git a/providers/aws/resources/aws.lr.manifest.yaml b/providers/aws/resources/aws.lr.manifest.yaml
@@ -1835,6 +1835,19 @@ resources:
     platform:
       name:
       - aws
+  aws.iam.accessKey:
+  docs:
+    desc: |
+      The `aws.iam.accessKey` provides fields for assessing the configuration of individual IAM Access Keys. For usage, read the `aws.iam` resource documentation. This resource helps in identifying and analyzing the state and configurations of access keys, allowing for better security and management of AWS IAM credentials.
+  fields:
+    accessKeyId: {}
+    createDate: {}
+    status: {}
+  is_private: true
+  min_mondoo_version: 9.0.0
+  platform:
+    name:
+    - aws
   aws.iam.virtualmfadevice:
     docs:
       desc: |

diff --git a/providers/aws/resources/aws_iam.go b/providers/aws/resources/aws_iam.go
@@ -1360,3 +1360,50 @@ func (a *mqlAwsIamLoginProfile) init() (string, error) {
 	// specify a precision. Using seconds is reasonable.
 	return strconv.FormatInt(date.Unix(), 10), nil
 }
+
+func (a *mqlAwsIamUser) accessKeyMetadata() ([]interface{}, error) {
+	conn := a.MqlRuntime.Connection.(*connection.AwsConnection)
+	svc := conn.Iam("")
+	ctx := context.Background()
+	name := a.Name.Data
+
+	res := []interface{}{}
+	var marker *string
+	for {
+		accessKeysResp, err := svc.ListAccessKeys(ctx, &iam.ListAccessKeysInput{
+			UserName: &name,
+			Marker:   marker,
+		})
+		if err != nil {
+			return nil, err
+		}
+
+		for _, metadata := range accessKeysResp.AccessKeyMetadata {
+			if metadata.CreateDate == nil {
+				continue
+			}
+
+			statusStr := string(metadata.Status)
+
+			accessKeyData := map[string]*llx.RawData{
+				"AccessKeyId": llx.StringDataPtr(metadata.AccessKeyId),
+				"Status":      llx.StringDataPtr(&statusStr),
+				"CreateDate":  llx.TimeDataPtr(metadata.CreateDate),
+			}
+
+			accessKeyResource, err := CreateResource(a.MqlRuntime, "aws.iam.accessKey", accessKeyData)
+			if err != nil {
+				return nil, err
+			}
+
+			res = append(res, accessKeyResource)
+		}
+
+		if !accessKeysResp.IsTruncated {
+			break
+		}
+		marker = accessKeysResp.Marker
+	}
+
+	return res, nil
+}