IAM User Access Keys Not Used in the Last 30 Days

Tenacity Id

Risk Level




Last Updated:

April 21, 2022

An Identity Access and Management (IAM) user has an access key that has not been used in the past 30 days. IAM user access key credentials could be compromised and exploited to gain access to the AWS API for your environment. Inactive IAM users should be deleted or have their passwords and access keys removed.