Disable or remove any unused Amazon IAM user credentials, such as access keys and passwords, in order to protect your AWS resources against unapproved access. AWS IAM user credentials are considered unused when they have not been used for a specified period of time, in this case 90 days or more.
Disabling or removing unused AWS IAM user credentials can significantly reduce the risk of unauthorized access to your AWS cloud resources. Ideally, you will want to restrict access for IAM users who leave your organization or for applications and tools that are no longer using these credentials.
To determine if there are any IAM users with unused credentials available in your AWS account, perform the following actions:
Case A: To remove any unused (non-operational for 90 days or more) IAM user access keys, perform the following actions:
Case B: To decommission unused AWS IAM user passwords, perform the following actions: