AWS Access Keys are Rotated Every 90 Days

This policy validates that AWS IAM account access keys are rotated every 90 days.

Regularly rotating access keys is considered a security best practice because it reduces the amount of time a compromised key can be used to access an account.

Remediation

To remediate this, each unrotated access key must be deleted, then a new access key created. All programmatic calls making use of the old key should be updated with the new key.

To prevent a service outage, it is possible to first move all programmatic calls to a new key and then disable the non-compliant key. The following instructions use this method.
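The 90-day check and the outage-free remediation order described above, as an added example that is not part of the original policy or its code. It assumes the input is an IAM credential report CSV (the `access_key_N_active` and `access_key_N_last_rotated` columns are the report's own; the sample rows are constructed), that only active keys are evaluated, and the function names and step labels are hypothetical.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=90)

# Constructed sample in the IAM credential report CSV layout (subset of columns).
SAMPLE_REPORT = """user,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
alice,true,2024-01-10T09:00:00+00:00,false,N/A
bob,true,2023-11-01T09:00:00+00:00,true,2024-05-20T09:00:00+00:00
carol,true,2024-05-01T09:00:00+00:00,false,2023-01-01T09:00:00+00:00
"""

def active_keys(row):
    """Yield (slot, last_rotated) for each active key in one report row."""
    for slot in ("1", "2"):
        rotated = row[f"access_key_{slot}_last_rotated"]
        # Assumption: inactive keys and empty slots ("N/A") are not evaluated.
        if row[f"access_key_{slot}_active"] == "true" and rotated != "N/A":
            yield slot, datetime.fromisoformat(rotated)

def find_unrotated(report_csv, now):
    """Return (user, slot, age_days, next_step) for active keys older than 90 days."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        keys = list(active_keys(row))
        # A second active key within the limit means callers can already be
        # moved to it, so the old key can be disabled without an outage.
        has_fresh = any(now - rotated <= MAX_AGE for _, rotated in keys)
        for slot, rotated in keys:
            age = now - rotated
            if age > MAX_AGE:
                step = "disable old key" if has_fresh else "create replacement key"
                findings.append((row["user"], slot, age.days, step))
    return findings

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed so output is stable
    for finding in find_unrotated(SAMPLE_REPORT, now):
        print(finding)
```

Keys reported with "create replacement key" have no compliant active key yet, so disabling them first would cause the outage the remediation order is meant to avoid.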
