
Unused IAM User Credentials

Overview

AWS IAM users can access AWS resources using different types of credentials, such as passwords or access keys. It is recommended that all credentials that have been unused for 45 days or more be deactivated or removed.

Disabling or removing unnecessary credentials will reduce the window of opportunity for credentials associated with a compromised or abandoned account to be used.
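
One way to run this check offline against an IAM credential report, as an added example that is not part of the original rule. The sample rows and the date used as "today" are constructed, and aging a never-used credential from its last change, rotation or user creation time is an assumption of this sketch.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

THRESHOLD = timedelta(days=45)  # the 45-day window from the recommendation

# Constructed sample using a subset of the IAM credential report's CSV columns.
SAMPLE_REPORT = """\
user,user_creation_time,password_enabled,password_last_used,password_last_changed,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
alice,2023-01-10T00:00:00+00:00,true,2024-05-28T09:00:00+00:00,2024-01-01T00:00:00+00:00,true,2023-06-01T00:00:00+00:00,2024-03-01T00:00:00+00:00,false,N/A,N/A
bob,2023-02-01T00:00:00+00:00,true,no_information,2024-01-15T00:00:00+00:00,false,N/A,N/A,false,N/A,N/A
carol,2023-03-01T00:00:00+00:00,false,N/A,N/A,true,2024-05-20T00:00:00+00:00,N/A,true,2023-09-01T00:00:00+00:00,2024-04-17T00:00:00+00:00
"""
SAMPLE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed "today"


def parse_ts(value):
    """Return an aware datetime, or None for N/A, no_information, not_supported."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None


def unused_credentials(report_csv, now):
    """List (user, credential, idle_days) for enabled credentials idle >= 45 days."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        # (name, enabled flag, last-used column, fallback when never used)
        checks = [("password", "password_enabled",
                   "password_last_used", "password_last_changed")]
        for n in ("1", "2"):
            key = f"access_key_{n}"
            checks.append((key, f"{key}_active",
                           f"{key}_last_used_date", f"{key}_last_rotated"))
        for name, enabled, last_used, fallback in checks:
            if row[enabled] != "true":
                continue  # credential absent or already deactivated
            # Assumption: a never-used credential is aged from when it was set.
            last = (parse_ts(row[last_used]) or parse_ts(row[fallback])
                    or parse_ts(row["user_creation_time"]))
            if last is not None and now - last >= THRESHOLD:
                findings.append((row["user"], name, (now - last).days))
    return findings


if __name__ == "__main__":
    for user, cred, days in unused_credentials(SAMPLE_REPORT, SAMPLE_NOW):
        print(f"{user}: {cred} unused for {days} days")
```

To use it on a real account, pass in the decoded CSV from a generated credential report and the current UTC time instead of the sample values.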

Vendor

AWS

Cloud Service

IAM

CIS AWS v1.5.0 1.12, IAM.8, IAM.22

References

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_finding-unused.html

Severity

2

Item Types

AWS::IAM::User