On November 20, 2019, CloudSploit is releasing a change that affects the following plugins:


  • AWS IAM Access Keys Rotated
  • AWS IAM Access Keys Last Used


Beginning on this date, the "resource" field in the results of these plugins will change from:


arn:aws:iam::012345678910:user/username


to:


arn:aws:iam::012345678910:user/username:access_key_1

OR

arn:aws:iam::012345678910:user/username:access_key_2


This change affects the way that the "resource" field is evaluated when determining whether a new risk has been detected. These plugins evaluate IAM user access keys. CloudSploit has historically set the "resource" field to the IAM user, not the key. Because these plugins check both IAM keys assigned to the user, some new risk notifications have been skipped: the user was the same even though the key had changed.


This change will affect suppressions that have been set for these tests and that contain resources identified by the IAM user. After the change is deployed, you may see "new risks detected" results for IAM users you have previously suppressed. If this occurs, you can suppress the new format as follows:


1. Log in to the CloudSploit Console and select the scan report in which the new risk was detected.

2. Locate the resource you want to suppress by searching the results for "access_key_".

3. Click the resource name to open the "Add Suppression" box.
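
The effect of the format change on new-risk detection and on existing suppressions, as an added example that is not CloudSploit's own code. It assumes a "new risk" is a failing plugin/resource pair that was absent from the previous scan and that a suppression matches by exact resource string; the findings and helper names are constructed for illustration.

```javascript
// Added illustration, not CloudSploit code. Assumed model: a "new risk" is a
// failing (plugin, resource) pair absent from the previous scan, and a
// suppression matches a result by exact resource string equality.
const USER = 'arn:aws:iam::012345678910:user/username';
const PLUGIN = 'AWS IAM Access Keys Rotated';

// Constructed findings: key 1 fails in both scans, key 2 starts failing in scan 2.
const scan1 = [{ plugin: PLUGIN, user: USER, key: 1 }];
const scan2 = [{ plugin: PLUGIN, user: USER, key: 1 },
               { plugin: PLUGIN, user: USER, key: 2 }];

// Resource string before and after the change described on this page.
const oldResource = (f) => f.user;
const newResource = (f) => `${f.user}:access_key_${f.key}`;

// Failing findings in `curr` whose (plugin, resource) was not seen in `prev`.
function newRisks(prev, curr, toResource) {
  const id = (f) => `${f.plugin}|${toResource(f)}`;
  const seen = new Set(prev.map(id));
  return curr.filter((f) => !seen.has(id(f))).map(toResource);
}

// True when a suppression list (exact resource strings) covers the finding.
function isSuppressed(suppressions, finding, toResource) {
  return suppressions.includes(toResource(finding));
}

// Key-level resources that replace one user-level suppression entry.
function expandSuppression(userArn) {
  return [1, 2].map((n) => `${userArn}:access_key_${n}`);
}

// Old format: key 2 is hidden behind the unchanged user ARN, so nothing is new.
console.log(newRisks(scan1, scan2, oldResource));
// New format: the second key surfaces as its own new risk.
console.log(newRisks(scan1, scan2, newResource));
// A user-level suppression no longer matches until it is re-added per key.
console.log(isSuppressed([USER], scan2[0], newResource));
console.log(isSuppressed(expandSuppression(USER), scan2[0], newResource));
```
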


If you have any questions, please contact CloudSploit support.