Access keys provide programmatic access to a given user. Since they are used in code, configuration files, on premise and cloud storages, they may be stolen, and therefore should be rotated often. We have found that the user {AliCloudUser} (ID: {AliCloudUser.UserId}) has an access key that was not rotated in the last 90 days.
  • Recommended Mitigation

    Disable and delete the access key and create a new one, if needed.