Ensure credentials unused for 180 days or greater are disabled

Error: Credentials unused for 180 days or greater are not disabled

Bridgecrew Policy ID: BC_AWS_IAM_53
Severity: CRITICAL

Description

AWS IAM users access AWS resources using different types of credentials, such as passwords or access keys. We recommend that all credentials that have been unused for 180 days or greater be removed or deactivated. Disabling or removing unnecessary password access to an account reduces the risk of credentials being misused.

Fix - Runtime

AWS Console

To manually remove or deactivate credentials:

  1. Log in to the AWS Management Console as an IAM user at https://console.aws.amazon.com/iam/.
  2. Navigate to IAM Services.
  3. Select Users.
  4. Select Security Credentials.
  5. Select Manage Console Password, then select Disable.
  6. Click Apply.
  7. If there is an access key that is unused, disable or delete the access key.
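
To find which users the steps above apply to, the check can be run over the IAM credential report. The following is an added example, not Bridgecrew's own implementation: the sample report is constructed, and ageing a never-used credential from the date it was last changed or rotated is an assumption.

```python
import csv
import io
from datetime import datetime, timedelta

MAX_UNUSED = timedelta(days=180)

# Constructed sample in the IAM credential report CSV layout (columns trimmed
# to the ones this check reads); users and dates are made up.
SAMPLE_REPORT = """\
user,user_creation_time,password_enabled,password_last_used,password_last_changed,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
alice,2022-01-10T09:00:00+00:00,true,2024-05-20T08:30:00+00:00,2024-01-02T10:00:00+00:00,true,2023-01-15T10:00:00+00:00,2023-06-01T12:00:00+00:00,false,N/A,N/A
bob,2021-03-05T09:00:00+00:00,true,no_information,2021-03-05T09:00:00+00:00,false,N/A,N/A,false,N/A,N/A
carol,2024-04-01T09:00:00+00:00,false,N/A,N/A,true,2024-04-01T09:00:00+00:00,N/A,false,N/A,N/A
"""

def _parse(value):
    """Return an aware datetime, or None for N/A, no_information, not_supported."""
    try:
        return datetime.fromisoformat(value.replace("Z", "+00:00"))
    except ValueError:
        return None

def stale_credentials(report_csv, now):
    """Return sorted (user, credential) pairs that are active but unused for >= 180 days."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        checks = [("password", row["password_enabled"],
                   row["password_last_used"], row["password_last_changed"])]
        for n in ("1", "2"):
            key = f"access_key_{n}"
            checks.append((key, row[f"{key}_active"],
                           row[f"{key}_last_used_date"], row[f"{key}_last_rotated"]))
        for name, active, last_used, set_on in checks:
            if active != "true":  # disabled credentials already satisfy the policy
                continue
            # Assumption: a never-used credential is aged from when it was set or rotated.
            reference = _parse(last_used) or _parse(set_on) or _parse(row["user_creation_time"])
            if reference is not None and now - reference >= MAX_UNUSED:
                findings.append((row["user"], name))
    return sorted(findings)
```

A real report is produced with `aws iam generate-credential-report` and fetched with `aws iam get-credential-report`, which returns the CSV base64-encoded.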