Identify and deactivate any unnecessary IAM access keys as a security best practice. AWS allows you to assign maximum two active access keys but this is recommended only during the key rotation process. Cloud Conformity strongly recommends deactivating the old key once the new one is created so only one access key will remain active for the IAM user.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Removing unnecessary AWS IAM access keys will lower the risk of unauthorized access to your AWS resources and components, and adhere to AWS IAM security best practices.
To determine if your AWS IAM users have unnecessary active access keys, perform the following:
To deactivate any unnecessary IAM access keys, you need to perform the following: