Ensure access keys are rotated every 30 days or less

Error: Access keys are not rotated every 30 days or less

Bridgecrew Policy ID: BC_AWS_IAM_24
Severity: MEDIUM


Description

Access keys of IAM accounts should be rotated to decrease the likelihood of accidental exposure, and to protect AWS resources against unauthorized access.

We recommend rotating the access keys of IAM accounts every 30 days or less.

Fix - Runtime

AWS Console

To rotate access keys, follow these steps:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com/.
  2. Navigate to IAM users, and select the relevant user.
  3. If the user has two active access keys, deactivate and then delete one of them. If the user has two keys and one of them is deactivated, then delete it.
  4. Create a new access key. You should now have two active access keys.
  5. Deactivate the old access key.

Mac users can also use this tool: https://github.com/Fullscreen/aws-rotate-key.
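The console steps above can be expressed as a planning function that takes one user's key metadata and returns the ordered actions to perform. This is an added example, not Bridgecrew's or AWS's code. It assumes the input uses the `AccessKeyMetadata` fields returned by IAM `ListAccessKeys`, that the older key is the one retired when both are active, and the function name, action labels and sample key IDs are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=30)  # rotation threshold from this policy

def plan_rotation(keys, now):
    """Ordered (action, AccessKeyId) steps for one IAM user's keys.

    `keys` uses the AccessKeyMetadata shape returned by IAM ListAccessKeys:
    AccessKeyId, Status ("Active" or "Inactive") and CreateDate.
    """
    def stale(k):
        return now - k["CreateDate"] > MAX_AGE

    active = sorted((k for k in keys if k["Status"] == "Active"),
                    key=lambda k: k["CreateDate"])
    inactive = [k for k in keys if k["Status"] == "Inactive"]
    if not any(stale(k) for k in active):
        return []  # compliant: no active key older than 30 days
    plan = []
    if len(keys) == 2:  # IAM allows two keys per user, so free a slot (step 3)
        if inactive:
            plan.append(("delete", inactive[0]["AccessKeyId"]))
        else:
            oldest = active.pop(0)  # assumption: retire the older active key
            plan += [("deactivate", oldest["AccessKeyId"]),
                     ("delete", oldest["AccessKeyId"])]
    remaining = [k for k in active if stale(k)]
    if remaining:
        plan.append(("create", None))  # step 4: the new ID is assigned by IAM
        plan += [("deactivate", k["AccessKeyId"]) for k in remaining]  # step 5
    return plan

# Constructed sample input; these are not real key IDs.
NOW = datetime(2024, 3, 1, tzinfo=timezone.utc)
SAMPLE = [
    {"AccessKeyId": "AKIA-CONSTRUCTED-OLD", "Status": "Active",
     "CreateDate": datetime(2024, 1, 1, tzinfo=timezone.utc)},
    {"AccessKeyId": "AKIA-CONSTRUCTED-OFF", "Status": "Inactive",
     "CreateDate": datetime(2023, 11, 1, tzinfo=timezone.utc)},
]

if __name__ == "__main__":
    for step in plan_rotation(SAMPLE, NOW):
        print(step)
```

The three action labels correspond to the IAM API operations `DeleteAccessKey`, `UpdateAccessKey` (with status `Inactive`) and `CreateAccessKey`.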