IAM users should not have both Console access and Access Keys

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Description

AWS IAM users should be granted the minimum necessary access according to the principle of least privilege. Having both Console access and Access Keys simultaneously can increase the risk surface if either credential type is compromised. Best practices recommend restricting IAM users to only one method of access based on their job functions to minimize security vulnerabilities.

Remediation

See the Managing Access Keys for IAM Users and Enabling a Sign-in Console Password for IAM Users documentation for console remediation steps to remove either Console access or Access Keys.