Views:
February 11, 2022, Conformity—From approximately 00:30 UTC 19 January 2022 to approximately 10:00 UTC 10 February 2022, Conformity experienced data retrieval errors for the AWS IAM and TrustedAdvisor services, which resulted in missing checks for certain rules. The issues have now been resolved and the affected checks have been regenerated.
Incident Summary
Due to changes deployed on 19 January to how Conformity handles certain AWS credentials, AWS Conformity Bot was not able to retrieve certain resource data for two AWS services. These changes affected rules dependent upon AWS TrustedAdvisor Checks and IAM Credential Reports.
Impact
Checks related to the AWS Trusted Advisor and IAM Credential Report services were removed and deleted by Conformity Bot due to not being able to retrieve any resources for these services. The following IAM and TrustAdvisor rules were affected:
IAM Rules
  • IAM-055: Canary Access Token
  • IAM-048: Root Account Active Signing Certificates
  • IAM-042: Hardware MFA for AWS Root Account
  • IAM-041:IAM User Password Expiry 45 Days
  • IAM-040: IAM User Password Expiry 30 Days
  • IAM-039: IAM User Password Expiry 7 Day
  • IAM-035: Root Account Usage
  • IAM-003: Credentials Last Used
TrustedAdvisor Rules
  • TrustedAdvisor-001: Trusted Advisor Service Limits
  • TrustedAdvisor-002: Trusted Advisor Checks
  • TrustedAdvisor-003: Exposed IAM Access Keys
Resolution
We’ve improved how Conformity Bot handles the way we retrieve TrustedAdvisor Checks and IAM Credential Reports to be compatible with the changes we introduced in January 2022.