IAM users should only have one active access key available
Description
Access keys are long-term credentials that let an IAM user sign programmatic requests to the AWS CLI or API. To safeguard access, only one access key should ever be available to a given IAM user.
Console Remediation Steps
CLI Remediation Steps
To take extra access keys out of use, set each one to Inactive:
aws iam update-access-key --access-key-id <access-key-id> --status Inactive --user-name <user-name>
To confirm that the selected access key pair is successfully deactivated:
aws iam list-access-keys --user-name <user-name>
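The check and remediation above can be scripted over saved `aws iam list-access-keys` output. The following is an added example, not part of the original page: it reads the JSON that command prints and emits the `update-access-key` command for each extra active key. The user names and key IDs are constructed, and keeping the most recently created active key is an assumption of this example.

```python
import json
from datetime import datetime

# Constructed sample: one `aws iam list-access-keys` JSON result per user.
# User names and key IDs are made up for this example.
SAMPLE_LISTINGS = """
[
  {"AccessKeyMetadata": [
    {"UserName": "alice", "AccessKeyId": "AKIAEXAMPLEALICE0001", "Status": "Active",
     "CreateDate": "2022-01-10T09:00:00+00:00"},
    {"UserName": "alice", "AccessKeyId": "AKIAEXAMPLEALICE0002", "Status": "Active",
     "CreateDate": "2023-06-02T14:30:00+00:00"}]},
  {"AccessKeyMetadata": [
    {"UserName": "bob", "AccessKeyId": "AKIAEXAMPLEBOB000001", "Status": "Inactive",
     "CreateDate": "2021-03-01T08:00:00Z"},
    {"UserName": "bob", "AccessKeyId": "AKIAEXAMPLEBOB000002", "Status": "Active",
     "CreateDate": "2023-01-15T08:00:00Z"}]},
  {"AccessKeyMetadata": []}
]
"""

def _created(key):
    # Timestamps may end in "Z" or "+00:00"; normalise so fromisoformat accepts both.
    return datetime.fromisoformat(key["CreateDate"].replace("Z", "+00:00"))

def extra_active_keys(listing):
    """Return (user, key_id) for every active key beyond the one that is kept.

    Assumption of this example: the most recently created active key is kept.
    """
    active = [k for k in listing.get("AccessKeyMetadata", []) if k["Status"] == "Active"]
    active.sort(key=_created, reverse=True)
    return [(k["UserName"], k["AccessKeyId"]) for k in active[1:]]

def remediation_commands(listings):
    """Build the update-access-key command shown above for each extra active key."""
    return [
        f"aws iam update-access-key --access-key-id {key_id} --status Inactive --user-name {user}"
        for listing in listings
        for user, key_id in extra_active_keys(listing)
    ]

if __name__ == "__main__":
    for cmd in remediation_commands(json.loads(SAMPLE_LISTINGS)):
        print(cmd)
```

A user with one active and one inactive key, like `bob` in the sample, already satisfies the rule and produces no command.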