Authentication

Access key not rotated in the last 90 days

Risk Level

Hazardous (3)

Platform(s)
Compliance Frameworks

Description

Access keys provide programmatic access to a given user. Since they are used in code, configuration files, on premise and cloud storages, they may be stolen, and therefore should be rotated often. We have found that the user {AliCloudUser} (ID: {AliCloudUser.UserId}) has an access key that was not rotated in the last 90 days.
  • Recommended Mitigation

    Disable and delete the access key and create a new one, if needed.