Access keys consist of an access key ID and secret access key, which are used to sign programmatic requests that you make to AWS. AWS users need their own access keys to make programmatic calls to AWS from the AWS Command Line Interface (AWS CLI), Tools for Windows PowerShell, the AWS SDKs, or direct HTTP calls using the APIs for individual AWS services. It was detected that AWS user {AwsUser.Name} has an access key that was not rotated in the last 90 days. It is advised that all access keys be regularly rotated to ensure that data cannot be accessed with an old key which might have been lost, cracked, or stolen. Rotating access keys will reduce the window of opportunity for an access key that is associated with a compromised or terminated account to be used.
  • Recommended Mitigation

    It is recommended to deactivate or delete the access key and create a new one. User access keys should be rotated every 90 days in order to decrease the likelihood of accidental exposures and protect your resources against unauthorized access.