Access Keys Last Used

Quick Info

| Field | Value |
|---|---|
| Plugin Title | Access Keys Last Used |
| Description | Detects access keys that have not been used for a period of time and that should be decommissioned |
| More Info | Having numerous, unused access keys extends the attack surface. Access keys should be removed if they are no longer being used. |
| AWS Link | |
| Recommended Action | Log into the IAM portal and remove the offending access key. |

Detailed Remediation Steps

  1. Log into the AWS Management Console.
  2. Select the “Services” option and search for IAM.
  3. Scroll down the left navigation panel and choose “Users”.
  4. Select the “User” that needs to be verified and click on the “User name” to access the selected “IAM User”.
  5. Click on “Security Credentials” on the configuration page.
  6. Scroll down and, under “Security Credentials”, check the “Last used” column in “Access keys” to determine the date on which the selected “User” last used each “Access Key”.
  7. Repeat steps 4 - 6 to check the “Access Keys” last used date for another user.
  8. To remove an “Access Key” that has not been used for a period of time, click on “Security Credentials” on the IAM user configuration page and select the “Access Key ID” that needs to be removed.
  9. Click on the cross (×) symbol at the extreme right to remove the selected key.
  10. Click on the “Delete” button under the “Delete access key” tab to delete the extra “Access Key”.
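
Steps 4 - 7 can be done for every user at once from the IAM credential report (downloadable from the IAM console or with `aws iam generate-credential-report` followed by `aws iam get-credential-report`). The following is an added example, not part of the plugin: it parses a constructed sample in the report's CSV layout and lists active keys idle for longer than a threshold. The function name and the 90-day default are assumptions, since this page does not state a period.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample in the layout of an IAM credential report (subset of columns).
SAMPLE_REPORT = """user,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
alice,true,2023-01-10T09:00:00+00:00,2024-05-28T12:00:00+00:00,false,N/A,N/A
bob,true,2022-03-01T09:00:00+00:00,2023-11-02T08:30:00+00:00,true,2024-01-15T09:00:00+00:00,N/A
ci-deploy,true,2024-05-20T09:00:00+00:00,N/A,false,N/A,N/A
"""

def _parse(ts):
    """Return an aware datetime, or None for 'N/A' / 'no_information'."""
    try:
        return datetime.fromisoformat(ts)
    except (TypeError, ValueError):
        return None

def stale_access_keys(report_csv, now, max_idle_days=90):
    """List active keys idle longer than max_idle_days (assumed threshold).

    A key that was never used is aged from its last-rotated (creation) date,
    so a freshly issued key is not flagged before it could have been used.
    Returns tuples of (user, key slot, ever_used, idle_days).
    """
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in ("1", "2"):
            if row.get(f"access_key_{slot}_active") != "true":
                continue  # inactive or absent key slot
            last_used = _parse(row.get(f"access_key_{slot}_last_used_date"))
            reference = last_used or _parse(row.get(f"access_key_{slot}_last_rotated"))
            if reference is None:
                continue  # no usable timestamp for this key
            idle = (now - reference).days
            if idle > max_idle_days:
                findings.append((row["user"], int(slot), last_used is not None, idle))
    return findings

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed date for the sample
    for user, slot, used, idle in stale_access_keys(SAMPLE_REPORT, now):
        state = "last used" if used else "never used, created"
        print(f"{user} key {slot}: {state} {idle} days ago")
```

Keys reported here are the candidates for steps 8 - 10; a key flagged as never used is worth confirming with its owner before deletion.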