# credential report (generation is asynchronous: re-run generate-credential-report
# until its State is COMPLETE, then fetch the base64-encoded CSV)
aws iam generate-credential-report
aws iam get-credential-report --output text --query Content | base64 -d
# list every access key, active or inactive, of every IAM user
for user in $(aws iam list-users --output text --query 'Users[].UserName'); do
    aws iam list-access-keys --user-name "$user" --output text
done
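The report above is only useful once something reads it. The script below is an added example (not from the original post) that audits the credential report CSV for the failures that matter most: console users without MFA, the root user without MFA or holding access keys, and active access keys past a rotation deadline. It is pure POSIX shell and awk, so it needs neither gawk's mktime() nor GNU date; the audit date is passed in as YYYY-MM-DD so runs are reproducible. The sample report, the user names and the account ID 123456789012 are constructed for the demo and are not real data; the function names are this example's own.

```shell
#!/bin/sh
# Audit an IAM credential report (CSV on stdin) for weak credentials.
#
#   audit_credential_report TODAY [MAX_AGE_DAYS] < report.csv
#
# TODAY is YYYY-MM-DD; pass "$(date +%Y-%m-%d)" for a live audit.
audit_credential_report() {
  awk -F, -v today="$1" -v max_age="${2:-90}" '
  # Days since 1970-01-01 for a Gregorian date (Hinnant days_from_civil).
  function days_from_civil(y, m, d,    era, yoe, doy, doe) {
    if (m <= 2) y--
    era = int(y / 400)
    yoe = y - era * 400
    doy = int((153 * (m > 2 ? m - 3 : m + 9) + 2) / 5) + d - 1
    doe = yoe * 365 + int(yoe / 4) - int(yoe / 100) + doy
    return era * 146097 + doe - 719468
  }
  # Report timestamps look like 2024-05-01T10:00:00+00:00; non-date values
  # such as N/A, not_supported and no_information return -1.
  function to_days(ts,    p) {
    if (ts !~ /^[0-9][0-9][0-9][0-9]-/) return -1
    split(substr(ts, 1, 10), p, "-")
    return days_from_civil(p[1] + 0, p[2] + 0, p[3] + 0)
  }
  BEGIN { now = to_days(today) }
  # Header row: map column names to indexes, so the checks do not depend on
  # column order or on the extra columns a full report carries.
  NR == 1 { for (i = 1; i <= NF; i++) col[$i] = i; next }
  {
    user = $(col["user"])
    if (user == "<root_account>") {
      if ($(col["mfa_active"]) != "true") print user " ROOT_NO_MFA"
      if ($(col["access_key_1_active"]) == "true" || $(col["access_key_2_active"]) == "true")
        print user " ROOT_ACCESS_KEY"
      next
    }
    # Console password but no MFA device.
    if ($(col["password_enabled"]) == "true" && $(col["mfa_active"]) != "true")
      print user " CONSOLE_NO_MFA"
    # Active keys past the rotation deadline.
    for (k = 1; k <= 2; k++) {
      if ($(col["access_key_" k "_active"]) != "true") continue
      rotated = to_days($(col["access_key_" k "_last_rotated"]))
      if (rotated < 0) continue
      age = now - rotated
      if (age > max_age) print user " KEY_" k "_AGE_" age "d"
    }
  }'
}

# Constructed sample report (not real data). The column set is trimmed to what
# the audit reads; a real report has more columns (key last-used, certs),
# which the header lookup tolerates. 123456789012 is the placeholder account
# ID used in AWS documentation.
sample_credential_report() {
  cat <<'EOF'
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,arn:aws:iam::123456789012:root,2020-01-10T09:00:00+00:00,not_supported,2024-05-30T08:00:00+00:00,not_supported,not_supported,false,true,2020-01-10T09:00:00+00:00,false,N/A
alice,arn:aws:iam::123456789012:user/alice,2022-03-01T10:00:00+00:00,true,2024-05-31T07:00:00+00:00,2024-04-01T10:00:00+00:00,2024-06-30T10:00:00+00:00,true,true,2024-05-01T10:00:00+00:00,false,N/A
bob,arn:aws:iam::123456789012:user/bob,2021-07-15T10:00:00+00:00,true,2024-05-20T07:00:00+00:00,2023-01-15T10:00:00+00:00,2023-04-15T10:00:00+00:00,false,true,2023-01-15T10:00:00+00:00,false,N/A
deploy-svc,arn:aws:iam::123456789012:user/deploy-svc,2023-02-01T10:00:00+00:00,false,no_information,N/A,N/A,false,true,2024-03-01T10:00:00+00:00,true,2024-05-20T10:00:00+00:00
EOF
}

# Demo on the sample. For a live audit feed the real report instead:
#   aws iam get-credential-report --output text --query Content | base64 -d \
#     | audit_credential_report "$(date +%Y-%m-%d)" 90
sample_credential_report | audit_credential_report 2024-06-01 90
```

On the sample the root user is flagged twice (no MFA, and an access key that should not exist at all), bob is flagged for a console password without MFA and a 503-day-old key, and the service user deploy-svc for a key two days past the 90-day window; alice's 31-day-old key passes. Tighten the second argument to 30 and alice is flagged too. The report is a point-in-time snapshot, so run it on a schedule rather than once.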
Good security guidelines:
1. Set a strong IAM password policy (minimum length, complexity, reuse prevention) and make passwords expire
2. Require MFA for every IAM user that has a console password, and for the root user above all
3. Avoid long-lived access keys; use IAM roles (instance profiles, assumed roles, federation) so that workloads get short-lived temporary credentials instead
4. Create a separate role for each service or workload, so that a compromise of one does not hand over the permissions of all
5. If you have to use access keys, rotate them at a regular interval (the credential report shows access_key_N_last_rotated for every user)
6. Follow the principle of least privilege; avoid IAM policies that grant "Action": "*" or "Resource": "*"
7. Enable CloudTrail in all regions, send the logs to CloudWatch Logs, and set up alarms on sensitive activity such as root account usage, console logins without MFA, changes to the trail itself and IAM policy changes
8. Audit the CloudTrail logs regularly to review logins, creation and deletion of resources, etc.
9. Keep the audit logs in a separate AWS account, so that an attacker who compromises the monitored account cannot delete or alter them
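Guidelines 7 and 8 say what to alert on; the script below shows the matching logic in a form you can run offline against exported trail files. It is an added example, not code from the original post: a POSIX awk scan over CloudTrail records (one compact JSON event per line) that flags direct root account usage, successful console sign-ins without MFA, and calls that stop or alter the trail. In production the same three conditions are usually expressed as CloudWatch Logs metric filters with alarms (for example `{ $.userIdentity.type = "Root" && $.userIdentity.invokedBy NOT EXISTS }` for root usage); this scan is for ad-hoc review of logs pulled from the S3 bucket. The sample records, user names and the account ID 123456789012 are constructed and trimmed to the fields the scan reads; the function names are this example's own, and the `jq` pipeline in the comment is an assumption about how you would feed it real files.

```shell
#!/bin/sh
# Scan CloudTrail records (one compact JSON event per line on stdin) and print
# "eventTime FINDING eventName" for each alert-worthy event.
# Real trail files are gzipped JSON with a Records array, so the live input is
#   gzip -dc AWSLogs/.../*.json.gz | jq -c '.Records[]' | audit_cloudtrail
audit_cloudtrail() {
  awk '
  # First "key":"value" string match anywhere in the line. Enough for the
  # scalar fields used here, because none of those key names repeat within
  # one record ("ConsoleLogin" as a key only occurs in responseElements).
  function jstr(line, key,    s) {
    if (!match(line, "\"" key "\":\"[^\"]*\"")) return ""
    s = substr(line, RSTART, RLENGTH)
    sub(/^"[^"]*":"/, "", s)
    sub(/"$/, "", s)
    return s
  }
  {
    name = jstr($0, "eventName")
    when = jstr($0, "eventTime")
    # Root credentials used directly. A service acting on behalf of the
    # account carries an invokedBy field and is not a human at the console.
    if (index($0, "\"userIdentity\":{\"type\":\"Root\"") > 0 && jstr($0, "invokedBy") == "")
      print when " ROOT_ACTIVITY " name
    # Successful console sign-in with no MFA challenge (failed attempts are
    # noise here; they belong in a separate brute-force alarm).
    if (name == "ConsoleLogin" && jstr($0, "MFAUsed") == "No" && jstr($0, "ConsoleLogin") == "Success")
      print when " CONSOLE_LOGIN_NO_MFA " name
    # Someone weakening or switching off the trail itself.
    if (name == "StopLogging" || name == "DeleteTrail" || name == "UpdateTrail")
      print when " TRAIL_TAMPERING " name
  }'
}

# Constructed sample records (not real logs), trimmed to the fields the scan
# reads. 123456789012 is the placeholder account ID used in AWS documentation.
sample_cloudtrail() {
  cat <<'EOF'
{"eventVersion":"1.08","userIdentity":{"type":"Root","principalId":"123456789012","arn":"arn:aws:iam::123456789012:root","accountId":"123456789012"},"eventTime":"2024-06-01T08:00:00Z","eventSource":"signin.amazonaws.com","eventName":"ConsoleLogin","additionalEventData":{"MFAUsed":"No"},"responseElements":{"ConsoleLogin":"Success"}}
{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","userName":"alice"},"eventTime":"2024-06-01T09:00:00Z","eventSource":"signin.amazonaws.com","eventName":"ConsoleLogin","additionalEventData":{"MFAUsed":"Yes"},"responseElements":{"ConsoleLogin":"Success"}}
{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","userName":"bob"},"eventTime":"2024-06-01T09:30:00Z","eventSource":"signin.amazonaws.com","eventName":"ConsoleLogin","additionalEventData":{"MFAUsed":"No"},"responseElements":{"ConsoleLogin":"Failure"}}
{"eventVersion":"1.08","userIdentity":{"type":"Root","principalId":"123456789012","arn":"arn:aws:iam::123456789012:root","accountId":"123456789012","invokedBy":"AWS Internal"},"eventTime":"2024-06-01T09:45:00Z","eventSource":"sts.amazonaws.com","eventName":"GetSessionToken"}
{"eventVersion":"1.08","userIdentity":{"type":"IAMUser","userName":"bob"},"eventTime":"2024-06-01T10:00:00Z","eventSource":"cloudtrail.amazonaws.com","eventName":"StopLogging","requestParameters":{"name":"org-trail"}}
{"eventVersion":"1.08","userIdentity":{"type":"AssumedRole","arn":"arn:aws:sts::123456789012:assumed-role/deploy/ci"},"eventTime":"2024-06-01T10:05:00Z","eventSource":"ec2.amazonaws.com","eventName":"RunInstances"}
EOF
}

sample_cloudtrail | audit_cloudtrail
```

On the sample, the root console login is reported twice (root usage and no MFA), bob's StopLogging call is reported as trail tampering, and nothing else fires: alice used MFA, bob's no-MFA attempt failed, the root GetSessionToken carries invokedBy, and the CI role's RunInstances is ordinary activity. Note that a StopLogging event only lands in a trail that is still being written, which is why guideline 9 keeps the log copy in an account the attacker does not control.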