Unused credentials should be deactivated or removed

Description

AWS IAM users can access AWS resources using various types of credentials, such as passwords and access keys. Datadog recommends that you deactivate or remove all credentials that are unused for 45 or more days to enhance security.

Disabling or removing unnecessary credentials reduces the window of opportunity in which compromised or abandoned accounts can be exploited.

Remediation

For instructions on managing and deactivating unused IAM credentials, refer to AWS documentation on handling unused credentials.
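
To find the credentials the 45-day threshold applies to, the following added example (not Datadog's rule logic or AWS code) scans an IAM credential report CSV for active passwords and access keys that have been idle for 45 or more days. The sample report and the `unused_credentials` helper are constructed for illustration, and counting a never-used credential's idle time from when it was set or rotated is an assumption.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

THRESHOLD = timedelta(days=45)  # threshold stated in the rule description

# Constructed sample in the IAM credential report CSV layout (subset of columns).
SAMPLE_REPORT = """user,user_creation_time,password_enabled,password_last_used,password_last_changed,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
alice,2023-01-10T00:00:00+00:00,true,2024-05-28T09:00:00+00:00,2024-01-01T00:00:00+00:00,true,2023-06-01T00:00:00+00:00,2024-01-15T00:00:00+00:00,false,N/A,N/A
bob,2023-02-01T00:00:00+00:00,true,no_information,2023-02-01T00:00:00+00:00,false,N/A,N/A,false,N/A,N/A
ci-deploy,2024-05-20T00:00:00+00:00,false,N/A,N/A,true,2024-05-20T00:00:00+00:00,N/A,true,2023-03-01T00:00:00+00:00,N/A
"""


def _ts(value):
    """Parse a report timestamp; 'N/A' and 'no_information' mean no timestamp."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None


def unused_credentials(report_csv, now):
    """Return (user, credential, idle_days) for active credentials idle >= 45 days."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        checks = [("password", row["password_enabled"],
                   row["password_last_used"], row["password_last_changed"])]
        for n in ("1", "2"):
            checks.append((f"access_key_{n}", row[f"access_key_{n}_active"],
                           row[f"access_key_{n}_last_used_date"],
                           row[f"access_key_{n}_last_rotated"]))
        for name, active, last_used, created in checks:
            if active != "true":
                continue  # already deactivated, never set, or not_supported (root)
            # Assumption: a never-used credential ages from when it was set or rotated.
            reference = _ts(last_used) or _ts(created) or _ts(row["user_creation_time"])
            idle = now - reference
            if idle >= THRESHOLD:
                findings.append((row["user"], name, idle.days))
    return findings


if __name__ == "__main__":
    for finding in unused_credentials(SAMPLE_REPORT, datetime.now(timezone.utc)):
        print(*finding)
```

Against a real account, the input is the decoded CSV returned by `aws iam get-credential-report` after `aws iam generate-credential-report` has completed.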