IAM users should not have both Console access and Access Keys

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Description

AWS IAM users should be granted the minimum necessary access according to the principle of least privilege. Having both Console access and Access Keys simultaneously can increase the risk surface if either credential type is compromised. Best practices recommend restricting IAM users to only one method of access based on their job functions to minimize security vulnerabilities.

Remediation

See the Managing Access Keys for IAM Users and Enabling a Sign-in Console Password for IAM Users documentation for console remediation steps to remove either Console access or Access Keys.

PREVIEWING: rtrieu/product-analytics-ui-changes