Identify and deactivate any unnecessary IAM access keys as a security best practice. AWS allows you to assign maximum two active access keys but this is recommended only during the key rotation process. Cloud Conformity strongly recommends deactivating the old key once the new one is created so only one access key will remain active for the IAM user.
This rule can help you with the following compliance standards:
- NIST 800-53 (Rev. 4)
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Removing unnecessary AWS IAM access keys will lower the risk of unauthorized access to your AWS resources and components, and adhere to AWS IAM security best practices.
To determine if your AWS IAM users have unnecessary active access keys, perform the following:
Remediation / Resolution
To deactivate any unnecessary IAM access keys, you need to perform the following:
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Unnecessary Access Keys
Risk level: Medium