Access Keys Older Than 90 Days

Risk Level

Informational (4)



Access keys consist of an access key ID and secret access key, which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI), Tools for Windows PowerShell, the AWS SDKs, or direct HTTP calls using the APIs for individual AWS services. It is recommended that all access keys be regularly rotated.
  • Recommended Mitigation

    Access Keys should be rotated every 90 days or less to comply with AWS security best practices