Access keys are not rotated every 45 days or less

Description

To mitigate the risk of accidental exposure and safeguard AWS resources from unauthorized access, it is essential to rotate IAM access keys regularly.

Recommendation:
IAM access keys should be rotated at a maximum interval of 45 days, or more frequently if possible, to minimize the potential for compromise and ensure ongoing security of AWS resources.

Fix - Runtime

AWS Console​

To rotate access keys, follow these steps:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com/.
  2. Navigate to IAM users, and select the relevant user.
  3. If the user has two active access keys, deactivate and then delete one of them. If the user has two keys and one of them is deactivated, then delete it.
  4. Create a new access key. You should now have two active access keys.
  5. Deactivate the old access key.

Mac users can also use this tool: https://github.com/Fullscreen/aws-rotate-key.

ReLambda