Check if there are SAML Providers then STS can be used
iam_check_saml_providers_sts
Check if there are SAML Providers then STS can be used
Risk
Without SAML provider users with AWS CLI or AWS API access can use IAM static credentials. SAML helps users to assume role by default each time they authenticate.
Run this check with Prowler CLI
prowler aws --checks iam_check_saml_providers_sts
ARN template
arn:partition:service:region:account-id:resource-id
Remediation
Enable SAML provider and use temporary credentials. You can use temporary security credentials to make programmatic requests for AWS resources using the AWS CLI or AWS API (using the AWS SDKs ). The temporary credentials provide the same permissions that you have with use long-term security credentials such as IAM user credentials. In case of not having SAML provider capabilities prevent usage of long-lived credentials.
Source Code
Resource Type
Other