IAM user access keys should be rotated every 90 days or less¶
Access keys consist of an access key ID and secret access key, which are used to sign programmatic requests to AWS via the AWS CLI, PowerShell, or APIs. It is recommended that all access keys be rotated every 90 days or less.
CLI Remediation Steps¶
Rotate access keys within AWS CLI:
aws iam create-access-key
aws iam get-access-key-last-used
aws iam update-access-key
Validate that the new access key is working and then delete the old key.
aws iam delete-access-key