AWS Access Keys Are Used Every 90 Days

This policy validates that IAM user access keys are used at least once every 90 days.

Access keys provide programatic access to an AWS account, and if those keys are not in use they should not be enabled as they only serve to increase the attack surface of the account.

Remediation

To remediate this, each unused credential for each user mentioned in this alert should be made inactive.

References

CIS AWS Benchmark 1.3 "Ensure credentials unused for 90 days or greater are disabled."

PreviousAWS Application Load Balancer Has Web ACL NextAWS Access Keys are Rotated Every 90 Days

Last updated 3 years ago