IAM Access Key Should Be Rotated

Overview

An access key is a static credential consisting of an access key ID and a secret access key, which together sign the programmatic requests that you make to AWS. Static credentials always carry the risk of being lost or stolen, especially when not paired with MFA. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI), Tools for Windows PowerShell, the AWS SDKs, or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be rotated regularly.

Rotating access keys reduces the window of opportunity in which a key associated with a compromised or terminated account can be used. Access keys should be rotated to ensure that data cannot be accessed with an old key that might have been lost, cracked, or stolen.

Vendor

AWS

Cloud Service

IAM

CIS AWS v1.5.0 1.14, IAM.3

References

https://docs.aws.amazon.com/general/latest/gr/aws-access-keys-best-practices.html#iam-user-access-keys

https://aws.amazon.com/blogs/security/how-to-rotate-access-keys-for-iam-users

Severity

3

Item Types

AWS::IAM::User