We noticed from CloudTrail logs that our Vault host is making a fair number of ListGroupsForUsers API calls to AWS. We have machine and service IAM role authentication set up and were wondering why Vault is making those calls. Is there a way to disable it, as this endpoint should not have anything to do with the EC2/IAM service role authentication?
The only two things that would possibly use ListGroupsForUsers are either the AWS Dynamic Secret engine (the more likely choice) or the AWS Auth engine.
If you’re not using either engine, disable it.
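To see which principal is actually issuing the calls before disabling anything, the CloudTrail records can be grouped by caller; this is an added example, not part of the original thread. CloudTrail logs the IAM action under the event name `ListGroupsForUser`, and the role ARNs, IP addresses and user names below are constructed placeholders.

```python
from collections import Counter

# Placeholder principals (assumptions, not values from the thread).
VAULT = "arn:aws:sts::111122223333:assumed-role/example-vault-role/i-0123456789abcdef0"
OTHER = "arn:aws:sts::111122223333:assumed-role/example-admin-role/alice"


def _rec(name, arn, ip, user):
    """Build one constructed record with the CloudTrail fields used below."""
    return {"eventSource": "iam.amazonaws.com", "eventName": name,
            "userIdentity": {"type": "AssumedRole", "arn": arn},
            "sourceIPAddress": ip,
            "requestParameters": {"userName": user} if user else None}


# Constructed sample records, not real log data.
SAMPLE_RECORDS = [
    _rec("ListGroupsForUser", VAULT, "10.0.1.15", "app-user-a"),
    _rec("ListGroupsForUser", VAULT, "10.0.1.15", "app-user-b"),
    _rec("GetUser", VAULT, "10.0.1.15", "app-user-a"),
    _rec("ListGroupsForUser", OTHER, "10.0.9.4", "app-user-a"),
    _rec("ListGroupsForUser", VAULT, "10.0.1.15", None),  # params missing
]


def summarize_calls(records, event_name="ListGroupsForUser"):
    """Count matching IAM calls per (principal, source IP), busiest first,
    and collect the IAM user names each caller looked up."""
    counts, users = Counter(), {}
    for rec in records:
        if rec.get("eventSource") != "iam.amazonaws.com":
            continue
        if rec.get("eventName") != event_name:
            continue
        ident = rec.get("userIdentity") or {}
        principal = ident.get("arn") or ident.get("principalId") or "unknown"
        key = (principal, rec.get("sourceIPAddress", "unknown"))
        counts[key] += 1
        params = rec.get("requestParameters") or {}
        users.setdefault(key, set()).add(params.get("userName", "unknown"))
    return [{"principal": k[0], "source_ip": k[1], "calls": n,
             "iam_users": sorted(users[k])} for k, n in counts.most_common()]


if __name__ == "__main__":
    for row in summarize_calls(SAMPLE_RECORDS):
        print(row)
```

Feed it the `Records` array from the delivered CloudTrail log files; the `iam_users` column shows which IAM users the lookups concern.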