Ensure that no Amazon IAM access keys are created during initial setup for all IAM users that have a console password. By default, during the IAM user setup process, the AWS Management Console enables the checkbox for creating access keys, generating unnecessary access credentials that need to be managed and protected against exposure.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
Unnecessary AWS IAM access keys create avoidable management work in auditing and rotating IAM credentials. Even when it is known that the IAM user will need these keys, Cloud Conformity recommends creating the access keys in a separate step from IAM user creation, as a security best practice.
To identify any access keys created during IAM user initial setup, perform the following actions:
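One way to run this identification offline, as an added example rather than Cloud Conformity's own procedure: parse an IAM credential report and flag console users whose access key timestamp falls within a short window of the user's creation time. The function name, the 60-second tolerance and the sample rows are assumptions constructed for illustration; the column names are those of the credential report CSV.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample: a subset of the IAM credential report columns.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::111122223333:root,2023-01-01T00:00:00+00:00,not_supported,false,N/A,N/A,false,N/A,N/A
alice,arn:aws:iam::111122223333:user/alice,2024-03-04T10:15:00+00:00,true,true,2024-03-04T10:15:02+00:00,N/A,false,N/A,N/A
bob,arn:aws:iam::111122223333:user/bob,2024-03-10T09:00:00+00:00,true,true,2024-06-01T12:00:00+00:00,2024-06-20T07:45:00+00:00,false,N/A,N/A
carol,arn:aws:iam::111122223333:user/carol,2024-04-01T08:30:00+00:00,true,true,2024-04-01T08:30:01+00:00,2024-05-02T11:00:00+00:00,false,N/A,N/A
svc-deploy,arn:aws:iam::111122223333:user/svc-deploy,2024-02-01T14:00:00+00:00,false,true,2024-02-01T14:00:01+00:00,2024-07-01T03:00:00+00:00,false,N/A,N/A
"""


def _ts(value):
    """Parse an ISO 8601 timestamp from the report (accepts a trailing Z)."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def keys_created_at_setup(report_csv, tolerance=timedelta(seconds=60)):
    """Return findings for console users whose key dates from user creation.

    The tolerance is an assumption: a key created in the same console wizard
    run gets a timestamp within seconds of the user's own creation time.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        # The rule covers only IAM users that have a console password;
        # the root row reports "not_supported" and is skipped here too.
        if row["password_enabled"] != "true":
            continue
        created = _ts(row["user_creation_time"])
        for slot in ("1", "2"):
            rotated = row[f"access_key_{slot}_last_rotated"]
            if rotated == "N/A":
                continue  # no key in this slot
            if abs(_ts(rotated) - created) <= tolerance:
                findings.append({
                    "user": row["user"],
                    "key_slot": int(slot),
                    "active": row[f"access_key_{slot}_active"] == "true",
                    # Never-used keys are the clearest removal candidates.
                    "never_used": row[f"access_key_{slot}_last_used_date"] == "N/A",
                })
    return findings


if __name__ == "__main__":
    for finding in keys_created_at_setup(SAMPLE_REPORT):
        print(finding)
```

A real report can be produced with `aws iam generate-credential-report` followed by `aws iam get-credential-report`, whose `Content` field is the base64-encoded CSV.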
To remove any unnecessary and unused AWS IAM access keys, perform the following actions: