Severity : Medium
Description : IAM roles that have not been used for a long period may contain old access policies that could allow unintended access to resources if accidentally attached to new services. These roles should be deleted.
Remediation Steps : Delete IAM roles that have not been used within the expected time frame.