No more than one active SSH public key should be assigned to a single user

ssh

Description

This control ensures that no more than one active SSH public key is assigned to a single IAM user.

Limiting the number of active SSH public keys per user helps reduce the attack surface and minimizes the complexity of managing user access. This practice strengthens security by ensuring better control over user credentials.

Remediation

To enforce a policy of having only one active SSH public key per IAM user, review and manage SSH keys through the AWS Management Console, CLI, or API. Refer to the AWS IAM User Guide for instructions on managing user credentials and SSH keys.