AWS Unused Key Pairs
Description
Identifies SSH key pairs in AWS EC2 that are not actively being used by any running, stopped, or stopping EC2 instances and are not referenced in CloudFormation templates. Unused key pairs represent unnecessary access credentials that should be removed to reduce the attack surface.
Detection Strategy
• Retrieves all EC2 key pairs in the specified AWS region
• For each key pair, checks if it is being used by any EC2 instances in running, stopped, or stopping states
• Verifies if the key pair is referenced in any CloudFormation templates
• Reports a vulnerability if a key pair is not associated with any instances and not used in any templates
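The four steps above, as an added example rather than Fluid Attacks' own check: the decision logic is a pure function over constructed data (so the edge case of a terminated instance not protecting its key is visible), and the AWS calls are isolated in collect_from_aws(), which assumes boto3 and credentials; treating a key as "referenced" when its name appears as a literal token in a non-deleted stack's template body is my own assumption.

```python
"""Added example: flag EC2 key pairs used by no running/stopped/stopping
instance and named in no CloudFormation template (boto3 assumed installed)."""
import json
import re

ACTIVE_STATES = {"running", "stopped", "stopping"}  # states that count as "in use"

def find_unused_key_pairs(key_pairs, instances, templates):
    """key_pairs: KeyName strings; instances: dicts in the describe_instances
    shape (KeyName, State.Name); templates: CloudFormation bodies as strings."""
    in_use = {i.get("KeyName") for i in instances
              if i["State"]["Name"] in ACTIVE_STATES and i.get("KeyName")}
    unused = []
    for name in key_pairs:
        if name in in_use:
            continue
        # Whole-token match so "web-key" does not match "web-key-2"; works for
        # JSON ("KeyName": "x") and YAML (KeyName: x). Key names passed in as
        # stack parameters at deploy time are not visible here (known blind spot).
        literal = re.compile(r"(?<![\w-])" + re.escape(name) + r"(?![\w-])")
        if any(literal.search(body) for body in templates):
            continue
        unused.append(name)
    return sorted(unused)

def collect_from_aws(region):
    """Gather the three inputs for one region (needs AWS credentials)."""
    import boto3
    ec2 = boto3.client("ec2", region_name=region)
    cfn = boto3.client("cloudformation", region_name=region)
    keys = [k["KeyName"] for k in ec2.describe_key_pairs()["KeyPairs"]]
    state_filter = [{"Name": "instance-state-name", "Values": sorted(ACTIVE_STATES)}]
    instances = [i for page in ec2.get_paginator("describe_instances").paginate(Filters=state_filter)
                 for r in page["Reservations"] for i in r["Instances"]]
    templates = []
    for page in cfn.get_paginator("list_stacks").paginate():
        for s in page["StackSummaries"]:
            if s["StackStatus"] == "DELETE_COMPLETE":
                continue
            body = cfn.get_template(StackName=s["StackName"])["TemplateBody"]
            templates.append(body if isinstance(body, str) else json.dumps(body))
    return keys, instances, templates

# Constructed sample: the terminated instance does not protect "legacy-key".
SAMPLE_KEYS = ["web-key", "legacy-key", "bastion-key"]
SAMPLE_INSTANCES = [{"KeyName": "web-key", "State": {"Name": "running"}},
                    {"KeyName": "legacy-key", "State": {"Name": "terminated"}}]
SAMPLE_TEMPLATES = ["Resources:\n  Bastion:\n    Properties:\n      KeyName: bastion-key\n"]
```

Against a live account, unpack collect_from_aws(region) into find_unused_key_pairs and review the result before deleting anything.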