Credentials unused for 180 days or greater are not disabled

Description

AWS IAM users authenticate and gain access to AWS resources through various credential types, including passwords and access keys. It is highly recommended to remove or deactivate any credentials (such as passwords or access keys) that have not been utilized for 180 days or more. Disabling or eliminating inactive credentials mitigates the risk of potential misuse, ensuring that unused access points do not serve as vectors for unauthorized access or exploitation.

Fix - Runtime

AWS Console

To manually remove or deactivate credentials:

  1. Log in to the AWS Management Console as an IAM user at https://console.aws.amazon.com/iam/.
  2. Navigate to IAM Services.
  3. Select Users.
  4. Select Security Credentials.
  5. Select Manage Console Password, then select Disable.
  6. Click Apply.
  7. If there is an access key that is unused, disable or delete the access key.
ReLambda