Access Keys Rotated

Quick Info

Plugin TitleAccess Keys Rotated
DescriptionEnsures access keys are not older than 180 days in order to reduce accidental exposures
More InfoAccess keys should be rotated frequently to avoid having them accidentally exposed.
AWS Link
Recommended ActionTo rotate an access key, first create a new key, replace the key and secret throughout your app or scripts, then set the previous key to disabled. Once you ensure that no services are broken, then fully delete the old key.

Detailed Remediation Steps

  1. Log into the AWS Management Console.
  2. Select the “Services” option and search for IAM.
  3. Scroll down the left navigation panel and choose “Users”.
  4. Select the “User” that needs to be verified and click on the “User name” to access the selected “IAM User”.
  5. Click on the “Security Credentials” under the configuration page.
  6. Scroll down and under “Security Credentials” check the “Last used” cloumn in “Access keys” to determine the last date of “Access Key” used.Any key above 180days which is “Active” is old and expired and needs to be updated to reduce accidental exposures.
  7. Repeat steps number 4 - 6 for the “IAM Users” that need to be verify.
  8. Select the “Security Credentials” tab under the configuration page and click on “Create access key” to create a new key.
  9. Click on the “Download .csv file” to download the new “Secret Access Key” and “Access Key ID” for newly created “Access key”.
  10. Use the new “Access Key” for application(s) code and replace the older key with the new one. Make sure that new “Access key” pair is working fine.
  11. To remove the older “Access Key” once you verified that the new “Access Key” is working fine click on the “Security Credentials” under IAM user configuration page and select the older “Access Key ID” which needs to be removed.
  12. Click on the cross(×) symbol at the extreme right to remove the selected key.
  13. Click on “Delete” button under “Delete access key” tab to delete the older “Access Key”.