AWS Config Rules: IAM User Unused Credentials Check

IAM_USER_UNUSED_CREDENTIALS_CHECK

Fernando Honig

Last Update 8 months ago

Description: Checks if your AWS Identity and Access Management (IAM) users have passwords or active access keys that have not been used within the specified number of days you provided. 


Trigger type: Periodic


AWS Region: All supported AWS regions


How to Resolve Manually

This config rule checks if IAM users have passwords or active access keys that have not been used within 30 days.


To resolve this manually, sign up to your AWS Management Console and go to IAM (Identity and Access Management) service.

Select the non-compliant User and reset the password, revoke the Access Key or just delete the User.


How to Resolve with StackZone

StackZone can remediate this AWS Config Rule for you by allowing StackZone to automatically disable  passwords older than 30 days and/or deactivate keys of that same age.


To enable this remediation, head on over to Provisioning > Baseline Services > AWS Config Rules Global > IAM and enable IAM User Unused Credential Remediation


Want to know more about StackZone and how to make your cloud management simple and secure?

Check our how it works section with easy to follow videos or just create your own StackZone Account here

Was this article helpful?

1 out of 1 liked this article

Still need help? Message Us