Compliance - IAMUser & IAM entities include properties that are not updated
Incident Report for Dome9 Security
Resolved
This incident has been resolved.
Posted May 20, 2018 - 10:36 UTC
Update
AWS has deployed a fix to the GenerateCredentialReport API. The fix reduced some of the latencies and error rates but did not fully resolve the issue. AWS expects to continue ramping up traffic to the API over the next few days.

This means some of the IAM information might be updated, but not yet at regular, guaranteed intervals.
Posted May 13, 2018 - 07:55 UTC
Identified
AWS has blocked its IAM credential report API (generate-credential-report) for all customers.
Calls to that API receive a LimitExceeded exception, so there is no way to fetch some of the IAM-related properties until AWS resolves this issue.
We are working with AWS support [Case 5057948981] and were notified that they have identified a solution and are actively testing it in order to unblock the API. Still, there is no ETA on the AWS side for resolving the issue.

Although this is not shown on the AWS status page, you can find additional information in the AWS forums: https://forums.aws.amazon.com/thread.jspa?messageID=847541&tstart=0.

How does this affect your compliance visibility? Some of the IAM information, including permissions, is still regularly updated and can be evaluated, but the following properties will not be updated until this issue is resolved.

IamUser entity:
- Arn
- Name
- PasswordLastUsed
- CreateDate
- PasswordEnabled
- PasswordLastChanged
- PasswordNextRotation
- MfaActive
- FirstAccessKey
- SecondAccessKey
- FirstCertificate
- SecondCertificate

Iam Entity:
- CredentialReportGeneratedTime
Posted May 07, 2018 - 06:06 UTC
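
The following is an added example, not part of the incident report or Dome9's code: a check that refuses to give a pass/fail verdict on credential-report fields when the report's generation time is too old, which is the failure mode described above. The column names are those of the AWS credential report CSV; the sample rows, the 24-hour threshold and the function name are assumptions made for illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Assumed freshness threshold; the incident report does not state one.
MAX_REPORT_AGE = timedelta(hours=24)

# Constructed sample using a subset of the credential report CSV columns.
SAMPLE_REPORT = """user,arn,password_enabled,password_last_used,mfa_active
alice,arn:aws:iam::111122223333:user/alice,true,2018-05-01T08:00:00+00:00,false
bob,arn:aws:iam::111122223333:user/bob,true,2018-05-02T08:00:00+00:00,true
svc,arn:aws:iam::111122223333:user/svc,false,N/A,false
"""


def evaluate_mfa_rule(report_csv, generated_time, now):
    """Evaluate 'users with a console password must have MFA active'.

    Returns (status, users, age). status is 'STALE' when the report is older
    than MAX_REPORT_AGE; no verdict is given then, because mfa_active and
    password_enabled may no longer reflect the account.
    """
    age = now - generated_time
    if age > MAX_REPORT_AGE:
        return "STALE", [], age
    failing = [
        row["user"]
        for row in csv.DictReader(io.StringIO(report_csv))
        if row["password_enabled"] == "true" and row["mfa_active"] != "true"
    ]
    return ("FAIL" if failing else "PASS"), failing, age


if __name__ == "__main__":
    now = datetime(2018, 5, 7, 6, 0, tzinfo=timezone.utc)
    fresh = datetime(2018, 5, 7, 2, 0, tzinfo=timezone.utc)
    stale = datetime(2018, 5, 1, 2, 0, tzinfo=timezone.utc)
    print(evaluate_mfa_rule(SAMPLE_REPORT, fresh, now))
    print(evaluate_mfa_rule(SAMPLE_REPORT, stale, now))
```

In a live setup, `generated_time` would come from the `GeneratedTime` field returned alongside the report by `GetCredentialReport`.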