Aws Old Access Keys
Description
Detects IAM users who have active access keys that haven't been rotated in over 90 days. Having old access keys increases security risk since compromised credentials would remain valid for longer periods, potentially leading to unauthorized access.
Detection Strategy
• Examines both access keys (access_key_1 and access_key_2) for each IAM user
• Reports a vulnerability if any active access key's last rotation date is more than 90 days old
• Only checks users who have active access keys (access_key_1_active or access_key_2_active is true)
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.