Help Center/ Config/ User Guide/ Resource Compliance/ Built-In Policies/ Identity and Access Management/ Access Key Check

Updated on 2024-12-10 GMT+08:00

View PDF

Access Key Check

Rule Details

**Table 1** Rule details
Parameter	Description
Rule Name	iam-user-console-and-api-access-at-creation
Identifier	iam-user-console-and-api-access-at-creation
Description	If an IAM user who is allowed to access Huawei Cloud console has AK/SK created, this user is noncompliant.
Tag	iam
Trigger Type	Configuration change
Filter Type	iam.users
Configure Rule Parameters	None

Applicable Scenario

To improve resource security, you are advised not to set access keys for IAM users who are allowed to access the management console.

Solution

You can delete access keys for noncompliant IAM users.

Rule Logic

If an IAM user is disabled, this user is compliant.
If an IAM user is not allowed to access the management console, this user is compliant.
If an IAM user does not have an access key, this user is compliant.
If an IAM user does not meet any of the above three conditions, this user is noncompliant.

Parent topic: Identity and Access Management

Previous topic: Access Mode Check

Next topic: IAM Users Are in Specified User Groups

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.