AWS-IAM-Access-Keys-Last-Used

Severity: Medium

Description: This control checks for IAM users that have active access keys which have not been used for 90 days or more. It is recommended that all user access keys that have been unused for 90 or more days be removed or deactivated. Disabling or removing unnecessary credentials reduces the window of opportunity for credentials associated with a compromised or abandoned account to be used.

Remediation Steps:

Perform the following steps to deactivate or delete the unused access key(s) of an IAM user:

  1. Login to the AWS Management Console at https://console.aws.amazon.com.

  2. Navigate to IAM console.

  3. In the navigation pane, choose Users.

  4. In the User Name list, choose the name of the user whose access key(s) have not been used in 90 days.

  5. Choose the Security Credentials tab.

  6. If needed, expand the Access Keys section and do any of the following:

    • To disable an active access key, choose Make Inactive.

    • To delete an access key, click X and then choose Delete to confirm.
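The same check can be run programmatically across an account before working through the console steps above. The following is an added example, not part of this control text or any Blue Hexagon tooling: the `stale_keys` function applies the 90-day rule to records shaped like the boto3 IAM responses, `collect_key_records` and `deactivate_key` assume a boto3 IAM client (`list_users`, `list_access_keys`, `get_access_key_last_used`, `update_access_key`) and are only needed against a live account, and the sample records and key IDs are constructed for illustration. A key that has never been used is treated as unused since its creation date, which the control text leaves implicit.

```python
"""Find Active IAM access keys unused for 90 days or more (added example)."""
from datetime import datetime, timedelta, timezone

UNUSED_DAYS = 90  # threshold stated by the control


def stale_keys(key_records, now, threshold_days=UNUSED_DAYS):
    """Return findings for Active keys idle for threshold_days or more.

    key_records: dicts with UserName, AccessKeyId, Status, CreateDate and an
    optional LastUsedDate (timezone-aware datetimes), i.e. the fields boto3
    returns from list_access_keys merged with get_access_key_last_used.
    A key with no LastUsedDate has never been used, so its CreateDate is the
    reference point (assumption: never-used keys count as unused since creation).
    """
    cutoff = now - timedelta(days=threshold_days)
    findings = []
    for rec in key_records:
        if rec["Status"] != "Active":
            continue  # already deactivated; nothing to remediate
        last_used = rec.get("LastUsedDate")
        reference = last_used if last_used is not None else rec["CreateDate"]
        if reference <= cutoff:  # "90 days or more": the boundary day is included
            findings.append({
                "UserName": rec["UserName"],
                "AccessKeyId": rec["AccessKeyId"],
                "IdleDays": (now - reference).days,
                "NeverUsed": last_used is None,
            })
    return findings


def collect_key_records(iam):
    """Build the record list from a live account (assumes a boto3 IAM client)."""
    records = []
    for page in iam.get_paginator("list_users").paginate():
        for user in page["Users"]:
            keys = iam.list_access_keys(UserName=user["UserName"])["AccessKeyMetadata"]
            for meta in keys:
                last = iam.get_access_key_last_used(
                    AccessKeyId=meta["AccessKeyId"])["AccessKeyLastUsed"]
                rec = dict(meta)
                if "LastUsedDate" in last:  # absent when the key was never used
                    rec["LastUsedDate"] = last["LastUsedDate"]
                records.append(rec)
    return records


def deactivate_key(iam, user_name, access_key_id):
    """Reversible remediation, equivalent to 'Make Inactive' in the console."""
    iam.update_access_key(UserName=user_name, AccessKeyId=access_key_id,
                          Status="Inactive")


# Constructed sample data (not from any real account); key IDs are placeholders.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE_KEYS = [
    {"UserName": "alice", "AccessKeyId": "AKIAEXAMPLE000000001", "Status": "Active",
     "CreateDate": NOW - timedelta(days=400), "LastUsedDate": NOW - timedelta(days=100)},
    {"UserName": "alice", "AccessKeyId": "AKIAEXAMPLE000000002", "Status": "Active",
     "CreateDate": NOW - timedelta(days=30), "LastUsedDate": NOW - timedelta(days=10)},
    {"UserName": "bob", "AccessKeyId": "AKIAEXAMPLE000000003", "Status": "Inactive",
     "CreateDate": NOW - timedelta(days=300), "LastUsedDate": NOW - timedelta(days=200)},
    {"UserName": "carol", "AccessKeyId": "AKIAEXAMPLE000000004", "Status": "Active",
     "CreateDate": NOW - timedelta(days=120)},  # never used
    {"UserName": "dave", "AccessKeyId": "AKIAEXAMPLE000000005", "Status": "Active",
     "CreateDate": NOW - timedelta(days=5)},  # new key, not yet used
]


if __name__ == "__main__":
    for f in stale_keys(SAMPLE_KEYS, NOW):
        print(f"{f['UserName']}: {f['AccessKeyId']} idle {f['IdleDays']}d"
              f"{' (never used)' if f['NeverUsed'] else ''}")
```

Running the script offline reports alice's first key and carol's never-used key; against a live account, pass `collect_key_records(boto3.client("iam"))` and `datetime.now(timezone.utc)` to `stale_keys` and feed each finding to `deactivate_key` once it has been reviewed. Because IAM evaluations can lag credential changes by up to 4 hours (see the note below), a key deactivated today may still show as Active in a scan run shortly afterwards.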

Important:

  • Changes to account credentials may take up to 4 hours to be reflected in the AWS IAM evaluations.

Reference:

Blue Hexagon Proprietary