Credentials unused for 180 days or greater are not disabled
Description
AWS IAM users access AWS resources using different types of credentials, such as passwords or access keys. We recommend that all credentials that have been unused for 180 or greater days be removed or deactivated. Disabling or removing unnecessary password access to an account reduces the risk of credentials being misused.
Fix - Runtime
AWS Console
To manually remove or deactivate credentials:
- Log in to the AWS Management Console as an IAM user at https://console.aws.amazon.com/iam/.
- Navigate to IAM Services.
- Select Users.
- Select Security Credentials.
- Select Manage Console Password, then select Disable.
- Click Apply.
- If there is an access key that is unused, disable or delete the access key.