IAM access keys that are inactive and older than 1 year should be removed

Description

This rule identifies IAM access keys that are older than one year and have not been used in the past 30 days.

Rationale

A key that matches this rule is a good indicator that the access key or its IAM user is no longer in use, which raises a security risk. IAM access keys are static secrets that do not change, and leaked access keys are a common cause of cloud security breaches.

Remediation

  • Verify that the IAM user is still actively used or if it can be removed.
  • Verify that the IAM access key is still actively used or if it can be removed.
  • If the IAM user is still needed, rotate the access key. For more information, see the AWS documentation.

From the console

Follow the Rotating IAM user access keys (console) AWS documentation to rotate access keys.

From the command line

Follow the Rotating IAM user access keys (AWS CLI) AWS documentation to rotate access keys.
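To find the keys this rule describes before rotating or removing them, the check from the Description can be run over an IAM credential report. This is an added example, not Datadog's rule implementation. The report rows are constructed sample data, and counting a never-used key as idle since its creation is an assumption.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=365)   # "older than one year"
MAX_IDLE = timedelta(days=30)   # "not used in the past 30 days"

# Constructed sample in the IAM credential report format (only the columns used here).
SAMPLE_REPORT = """\
user,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
ci-deploy,true,2021-03-01T10:00:00+00:00,2024-05-30T08:00:00+00:00,false,N/A,N/A
old-batch,true,2020-01-15T09:00:00+00:00,2022-11-02T12:00:00+00:00,true,2024-04-01T09:00:00+00:00,N/A
contractor,true,2022-06-10T14:00:00+00:00,N/A,false,N/A,N/A
"""

def parse_ts(value):
    """Return an aware datetime, or None for the report's N/A markers."""
    if value in ("N/A", "no_information", ""):
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def stale_keys(report_csv, now):
    """Return (user, key_slot, age_days, idle_days) for keys matching the rule."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in ("1", "2"):
            created = parse_ts(row[f"access_key_{slot}_last_rotated"])
            if created is None:  # no key exists in this slot
                continue
            last_used = parse_ts(row[f"access_key_{slot}_last_used_date"])
            # Assumption: a key that was never used counts as idle since creation.
            idle = now - (last_used or created)
            age = now - created
            if age > MAX_AGE and idle > MAX_IDLE:
                findings.append((row["user"], slot, age.days, idle.days))
    return findings

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed so the sample is reproducible
    for user, slot, age, idle in stale_keys(SAMPLE_REPORT, now):
        print(f"{user}: access key {slot} is {age} days old, idle for {idle} days")
```

For a real account, replace `SAMPLE_REPORT` with the decoded CSV returned by `aws iam get-credential-report` and pass the current UTC time as `now`.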
