Ensure credentials unused for 90 days or greater are disabled

Error: Credentials unused for 90 days or greater are not disabled

Bridgecrew Policy ID: BC_AWS_IAM_3
Severity: HIGH

Description

AWS IAM users access AWS resources using different types of credentials, such as passwords or access keys. We recommend that all credentials that have been unused for 90 days or greater be removed or deactivated. Disabling or removing unnecessary password access to an account reduces the risk of credentials being misused.

Fix - Runtime

AWS Console

To manually remove or deactivate credentials:

  1. Log in to the AWS Management Console as an IAM user at https://console.aws.amazon.com/iam/.
  2. Navigate to IAM Services.
  3. Select Users.
  4. Select Security Credentials.
  5. Select Manage Console Password, then select Disable.
  6. Click Apply.
  7. If there is an unused access key, disable or delete the key.
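
To find which users need the steps above, the check can be run over the IAM credential report. The following is an added example, not Bridgecrew's own code: it parses a constructed sample in the credential report's CSV layout and lists enabled passwords and access keys idle for 90 days or greater. Ageing never-used credentials from their last change or rotation date, and the names `stale_credentials`, `SAMPLE_REPORT` and `SAMPLE_NOW`, are assumptions of this example.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

MAX_IDLE = timedelta(days=90)
SAMPLE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed "today"

# Constructed sample rows using a subset of the credential report columns.
SAMPLE_REPORT = """\
user,password_enabled,password_last_used,password_last_changed,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
alice,true,2024-05-20T10:00:00+00:00,2023-01-10T09:00:00+00:00,true,2023-01-10T09:00:00+00:00,2024-01-02T08:00:00+00:00,false,N/A,N/A
bob,true,no_information,2023-11-01T12:00:00+00:00,false,2022-06-01T00:00:00+00:00,2022-07-01T00:00:00+00:00,false,N/A,N/A
carol,false,N/A,N/A,true,2024-05-01T00:00:00+00:00,N/A,true,2023-02-01T00:00:00+00:00,2024-05-30T00:00:00+00:00
"""

# (label, enabled column, last-used column, changed/rotated column)
CHECKS = [
    ("password", "password_enabled", "password_last_used", "password_last_changed"),
    ("access_key_1", "access_key_1_active", "access_key_1_last_used_date", "access_key_1_last_rotated"),
    ("access_key_2", "access_key_2_active", "access_key_2_last_used_date", "access_key_2_last_rotated"),
]

def _parse(value):
    """Return an aware datetime, or None for N/A, no_information or a missing cell."""
    try:
        return datetime.fromisoformat(value)
    except (ValueError, TypeError):
        return None

def stale_credentials(report_csv, now):
    """Return sorted (user, credential) pairs that are enabled and idle >= 90 days."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for label, enabled, last_used, changed in CHECKS:
            if row.get(enabled) != "true":
                continue  # already disabled, absent, or not_supported
            # Assumption: a credential that was never used is aged from the
            # date it was last changed or rotated.
            reference = _parse(row.get(last_used)) or _parse(row.get(changed))
            # No usable date on an enabled credential is reported, not skipped.
            if reference is None or now - reference >= MAX_IDLE:
                findings.append((row["user"], label))
    return sorted(findings)

if __name__ == "__main__":
    for user, credential in stale_credentials(SAMPLE_REPORT, SAMPLE_NOW):
        print(f"{user}: {credential} unused for 90 days or greater")
```

A real report can be produced with `aws iam generate-credential-report` and retrieved with `aws iam get-credential-report`; the returned content is base64-encoded CSV and must be decoded before it is passed to `stale_credentials`.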