IAM users should not have both Console access and Access Keys

iam

Description

AWS IAM users should be granted the minimum necessary access according to the principle of least privilege. Having both Console access and Access Keys simultaneously can increase the risk surface if either credential type is compromised. Best practices recommend restricting IAM users to only one method of access based on their job functions to minimize security vulnerabilities.

Remediation

See the Managing Access Keys for IAM Users and Enabling a Sign-in Console Password for IAM Users documentation for console remediation steps to remove either Console access or Access Keys.