- Home
- »
- AWS Documentation
- »
- IAM
- »
- Ensure active access keys are used every 90 days or less
Active access keys are not used every 90 days or less
Description
To reduce the risk of accidental exposure and protect AWS resources from unauthorized access, IAM access keys should be rotated periodically.
Recommendation:
IAM access keys should be rotated at intervals not exceeding 90 days, or more frequently if warranted, to minimize the potential for key compromise and enhance the security posture of AWS resources.
Fix - Runtime
AWS Console
To rotate access keys, follow these steps:
- Log in to the AWS Management Console at https://console.aws.amazon.com/.
- Navigate to IAM users, and select the relevant user.
- If the user has two active access keys, deactivate and then delete one of them. If the user has two keys and one of them is deactivated, then delete it.
- Create a new access key. You should now have two active access keys.
- Deactivate the old access key.
Mac users can also use this tool: https://github.com/Fullscreen/aws-rotate-key.