Identify and deactivate any unnecessary IAM access keys as a security best practice. AWS allows you to assign maximum two active access keys but this is recommended only during the key rotation process. Cloud Conformity strongly recommends deactivating the old key once the new one is created so only one access key will remain active for the IAM user.
Removing unnecessary AWS IAM access keys will lower the risk of unauthorized access to your AWS resources and components, and adhere to AWS IAM security best practices.
To determine if your AWS IAM users have unnecessary active access keys, perform the following:
To deactivate any unnecessary IAM access keys, you need to perform the following: