Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Automation to delete unused access keys for Platform users #1894

Closed
5 tasks
davidkelliott opened this issue Jun 16, 2022 · 5 comments
Closed
5 tasks

Automation to delete unused access keys for Platform users #1894

davidkelliott opened this issue Jun 16, 2022 · 5 comments
Assignees
@sukeshreddyg @Kudzai-moj
Labels
security

Comments

@davidkelliott
Copy link
Contributor

davidkelliott commented Jun 16, 2022
edited by dms1981
Loading

User Story

As a platform user
I want my access to the platform to be disabled
when I am inactive for longer than X number of months.

User Type(s)

All GitHub users (team members and collaborators)

Value

This is to mitigate the security risk, when a user has access to AWS accounts after they leave an organisation.

Questions / Assumptions / Hypothesis

Proposal

Given that Platform users can create their own keys, inactive keys should be deleted to prevent accidental leakage or unintended use; if we're not using them regularly, then there's no compelling reason to keep them active.

Definition of done

  • Approach for collaborators extended to Platform users
  • Access keys / Secret access keys suspended when user has been inactive for over 30 days
  • Optionally notify user that their key has been deleted
  • another team member has reviewed
  • tests are green

Reference

How to write good user stories
@github-actions
Copy link
Contributor

This issue is stale because it has been open 90 days with no activity.

@github-actions github-actions bot added the Stale label Dec 19, 2022
@seanprivett seanprivett removed the enhancement New feature or request label Jan 31, 2023
@github-actions github-actions bot removed the Stale label Feb 2, 2023
@github-actions
Copy link
Contributor

This issue is stale because it has been open 90 days with no activity.

@github-actions github-actions bot added the Stale label Oct 16, 2023
@SimonPPledger
Copy link
Contributor

IAM only ? what about admin users where we wouldn't normally log on

@ep-93
Copy link
Contributor

ep-93 commented Feb 1, 2024

@davidkelliott we need to know the above answer. Thanks!

@github-actions github-actions bot removed the Stale label Feb 22, 2024
@dms1981 dms1981 changed the title Automation to remove or deactivate unused IAM accounts Automation to delete unused access keys for Platform users May 9, 2024
@Kudzai-moj Kudzai-moj self-assigned this May 12, 2024
@Kudzai-moj Kudzai-moj moved this from To Do to In Progress in Modernisation Platform May 14, 2024
@sukeshreddyg sukeshreddyg mentioned this issue May 21, 2024
Merged
4 tasks
@sukeshreddyg sukeshreddyg moved this from In Progress to Done in Modernisation Platform May 21, 2024
@sukeshreddyg sukeshreddyg closed this as completed by moving to Done in Modernisation Platform May 21, 2024
@ewastempel ewastempel reopened this Jul 18, 2024
@github-project-automation github-project-automation bot moved this from Done to To Do in Modernisation Platform Jul 18, 2024
@github-project-automation github-project-automation bot moved this from To Do to Done in Modernisation Platform Jul 18, 2024
@ewastempel
Copy link
Contributor

Reopened in mistake, this is implemented already, so closing the issue

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sukeshreddyg sukeshreddyg

@Kudzai-moj Kudzai-moj

Labels
security
Projects
Modernisation Platform
Archived in project
Milestone
No milestone
Development

No branches or pull requests
8 participants
@dms1981 @davidkelliott @seanprivett @SimonPPledger @ewastempel @ep-93 @sukeshreddyg @Kudzai-moj