Which IAM RQL query would correctly generate an output to view users who enabled console access with both access keys and passwords?
Which IAM RQL query would correctly generate an output to view users who enabled console access with both access keys and passwords?
The IAM RQL query needed to view users who have enabled console access with both access keys and passwords should capture the active state of either of the access keys and ensure that the password is enabled. The query 'config from cloud.resource where api.name = 'aws-iam-get-credential-report' AND json.rule = access_key_1_active is true or access_key_2_active is true and password_enabled equals 'true'' precisely meets these criteria by checking both access keys and the password status.
Only "B" is proper query on Prisma
B https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-rql-reference/rql-reference/config-query/config-query-examples
Verified on Prisma.
B View users who enabled console access with both access keys and passwords: config from cloud.resource where api.name = 'aws-iam-get-credential-report' AND json.rule = access_key_1_active is true or access_key_2_active is true and password_enabled is true https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-rql-reference/rql-reference/config-query/config-query-examples