How to Find AWS IAM access keys not rotated after 90 days or less
Access keys consist of an access key ID and a secret access key, which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI), Tools for Windows PowerShell, the AWS SDKs, or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated.
This security check is part of the CIS Amazon Web Services Benchmarks and is rated severity medium.
This guide assumes that you have already installed and configured Resoto to collect your AWS cloud resources.
Execute the following search command in Resoto Shell or Resoto UI:
> search is(aws_iam_access_key) and access_key_last_used.last_rotated<-90d
kind=aws_iam_access_key, ..., region=resoto-poweruser
kind=aws_iam_access_key, ..., account=poweruser-team
search command into the
> search is(aws_iam_access_key) and access_key_last_used.last_rotated<-90d | dump
The command output will list the details of all non-compliant
Fix detected issues by following the remediation steps:
- Remove all listed access keys.
Please refer to the AWS IAM documentation for details.
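The same 90-day rule can be cross-checked against the IAM credential report, the CSV that AWS returns from `aws iam get-credential-report`. The script below is an added example, not part of Resoto or of the original guide; the sample report is constructed, trimmed to the columns the check needs, and `stale_access_keys` is a hypothetical helper name.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=90)  # threshold used by the check described above

# Constructed sample: a credential report reduced to the relevant columns.
# A real report has more columns; "N/A" means the key slot is empty.
SAMPLE_REPORT = """\
user,arn,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
alice,arn:aws:iam::111122223333:user/alice,true,2023-01-10T09:00:00+00:00,false,N/A
bob,arn:aws:iam::111122223333:user/bob,true,2024-05-20T09:00:00+00:00,false,2023-11-01T09:00:00+00:00
carol,arn:aws:iam::111122223333:user/carol,false,N/A,false,N/A
"""


def stale_access_keys(report_csv, now, max_age=MAX_AGE):
    """Return one finding per access key last rotated more than max_age ago."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in ("1", "2"):  # an IAM user has at most two access keys
            rotated = row.get(f"access_key_{slot}_last_rotated") or "N/A"
            if rotated == "N/A":
                continue  # no key in this slot
            ts = datetime.fromisoformat(rotated.replace("Z", "+00:00"))
            if ts.tzinfo is None:
                ts = ts.replace(tzinfo=timezone.utc)  # treat naive times as UTC
            age = now - ts
            if age > max_age:
                findings.append({
                    "user": row["user"],
                    "key_slot": int(slot),
                    # Inactive keys are listed too: they still exist and
                    # can be re-enabled, so they belong in the clean-up.
                    "active": row.get(f"access_key_{slot}_active") == "true",
                    "age_days": age.days,
                })
    return findings


if __name__ == "__main__":
    for f in stale_access_keys(SAMPLE_REPORT, datetime.now(timezone.utc)):
        state = "active" if f["active"] else "inactive"
        print(f"{f['user']}: key {f['key_slot']} ({state}), "
              f"last rotated {f['age_days']} days ago")
```

The `Content` field returned by `get-credential-report` is base64-encoded, so decode it before passing the CSV text to the function.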