
IAM access keys older than 1 year have not been used in the last 30 days

iam

Description

This rule identifies IAM access keys that are older than one year and have not been used in the past 30 days.

Rationale

This is a good indicator of an access key or IAM user that is no longer used, which raises a security risk. IAM access keys are static, long-lived secrets that do not change on their own, so a forgotten key remains valid indefinitely; leaked keys of this kind are a common cause of cloud security breaches.

Remediation

  • Verify that the IAM user is still actively used or if it can be removed.
  • Verify that the IAM access key is still actively used or if it can be removed.
  • If the IAM user is still needed, rotate the access key. For more information, see the AWS documentation.
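The following is an added example, not code from the original rule page or its vendor. It implements the check described above against the CSV that `aws iam get-credential-report` returns (after base64 decoding), using the report's real column names (`access_key_N_active`, `access_key_N_last_rotated`, `access_key_N_last_used_date`); the sample report rows, the fixed evaluation time and the threshold names are constructed for the example. It also shows how the two edge cases in that report are handled: a key that has never been used (`N/A`) and one whose usage is unknown (`no_information`) are both treated as unused, since there is no evidence the key is needed. The output is the candidate list for the remediation steps (verify the user, verify the key, then rotate or delete).

```python
"""Flag active IAM access keys older than MAX_AGE_DAYS that have not been
used in the last UNUSED_DAYS, from an IAM credential report CSV."""
import csv
import io
from datetime import datetime, timedelta, timezone

MAX_AGE_DAYS = 365  # "older than 1 year"
UNUSED_DAYS = 30    # "not used in the last 30 days"

# Constructed sample report (not real account data). Only the columns this
# check needs are included; a real report has more, which DictReader ignores.
SAMPLE_REPORT = """user,arn,user_creation_time,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::123456789012:root,2019-01-01T00:00:00+00:00,false,N/A,N/A,false,N/A,N/A
old-unused,arn:aws:iam::123456789012:user/old-unused,2020-01-01T00:00:00+00:00,true,2022-05-01T00:00:00+00:00,2023-01-15T00:00:00+00:00,false,N/A,N/A
old-busy,arn:aws:iam::123456789012:user/old-busy,2020-01-01T00:00:00+00:00,true,2022-05-01T00:00:00+00:00,2024-02-28T00:00:00+00:00,false,N/A,N/A
new-unused,arn:aws:iam::123456789012:user/new-unused,2023-12-01T00:00:00+00:00,true,2023-12-01T00:00:00+00:00,N/A,false,N/A,N/A
never-used,arn:aws:iam::123456789012:user/never-used,2020-01-01T00:00:00+00:00,true,2021-03-01T00:00:00+00:00,no_information,true,2024-02-01T00:00:00+00:00,2024-02-29T00:00:00+00:00
"""

# Fixed evaluation time so the example is reproducible (constructed).
NOW = datetime(2024, 3, 1, tzinfo=timezone.utc)


def _parse_ts(value):
    """Return an aware datetime, or None for N/A, no_information or empty."""
    if not value or value in ("N/A", "no_information"):
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def find_stale_keys(report_csv, now=NOW, max_age_days=MAX_AGE_DAYS, unused_days=UNUSED_DAYS):
    """Return (user, key_slot, age_days, last_used) for every active key that is
    older than max_age_days and was last used more than unused_days ago (or never)."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in ("access_key_1", "access_key_2"):
            if row.get(f"{slot}_active") != "true":
                continue  # inactive or absent key: cannot authenticate, out of scope here
            rotated = _parse_ts(row.get(f"{slot}_last_rotated"))
            if rotated is None:
                continue
            age_days = (now - rotated).days
            if age_days <= max_age_days:
                continue  # key is young enough; rotation age alone is not the finding
            last_used = _parse_ts(row.get(f"{slot}_last_used_date"))
            # Never used (N/A) or unknown (no_information) counts as unused:
            # there is no evidence anything still depends on this key.
            if last_used is None or (now - last_used) > timedelta(days=unused_days):
                findings.append((row["user"], slot, age_days, last_used))
    return findings


if __name__ == "__main__":
    for user, slot, age, last_used in find_stale_keys(SAMPLE_REPORT):
        used = last_used.date().isoformat() if last_used else "never/unknown"
        print(f"{user}: {slot} is {age} days old, last used {used} "
              f"-> verify the user and key are still needed, then rotate or delete")
```

Running it against the sample flags `old-unused` (key rotated 670 days ago, last used over a year ago) and `never-used` (key 1 is three years old with no recorded use), while `old-busy` (old but used two days ago) and `new-unused` (unused but only 91 days old) pass, which is exactly the rule's two-condition logic. To run it on a real account, decode the `Content` field of `aws iam get-credential-report` and pass the text to `find_stale_keys`.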