Access keys are not rotating every 90 days or less


iam

Classification:

compliance

Overview

Description

Access keys consist of an access key ID and secret access key, which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI), Tools for Windows PowerShell, the AWS SDKs, or direct HTTP calls using the APIs for individual AWS services. You should regularly rotate all access keys.

Rationale

Rotating access keys reduces the window of opportunity for an access key that is associated with a compromised or terminated account to be used. Access keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.

Remediation

See the CIS AWS Foundations Benchmark controls docs for console remediation steps.

Impact

None

Default Value

None

References

  1. CCE-78902-4

CIS Controls

16 Account Monitoring and Control