Identify and remove any unused IAM access keys in order to protect your AWS resources against unapproved access. An IAM user access key pair is rendered as unused when is not being used for a specified period of time - in this case 30 days.
Removing unused AWS IAM credentials can significantly reduce the risk of unauthorized access to your AWS resources. Ideally, you will want to restrict access to your resources for IAM users who leave your organization or applications and tools that are no longer using these resources.
To determine if your AWS IAM users have any unused (> 30 days) access keys currently active, perform the following:
To remove any unused (non-operational for more than 30 days) IAM access keys, you need to perform the following: