IAM User Access Key Rotation Rule

This rule states that IAM user access keys must be rotated every 90 days to enhance security.

Rule: IAM user access keys should be rotated at least every 90 days
Framework: NIST 800-53 Revision 5
Severity: Low

IAM User Access Key Rotation Rule Description

IAM (Identity and Access Management) is a service provided by AWS (Amazon Web Services) that enables users to manage access to various AWS resources securely. One important security measure in IAM is the rotation of user access keys. This rule is based on the NIST 800-53 Revision 5 standard and specifies that IAM user access keys should be rotated at least every 90 days.

Troubleshooting Steps

  • If an IAM user does not have any access keys, they will not be impacted by this rule.
  • If an IAM user has multiple access keys, they need to ensure that all the access keys are rotated within the specified time frame.

Necessary Codes (if applicable)

No specific code is required for this rule. The access key rotation can be managed through the AWS Management Console, AWS CLI (Command-Line Interface), or AWS SDKs (Software Development Kits).

Step-by-Step Guide for Remediation

To comply with the IAM User Access Key Rotation rule, follow the steps below:

  1. Identify IAM Users with Access Keys:

    • Go to the IAM Management Console.
    • Click on "Users" in the left navigation pane.
    • Identify the IAM users who have access keys.

  2. Check Access Key Age:

    • Select an IAM user and click on the "Security credentials" tab.
    • Under "Access keys", check the "Age" column to determine if any access key is older than 90 days.

  3. Disable Old Access Key (if necessary):

    • If you find an access key older than 90 days, select it and click on "Deactivate".
    • Verify that the user has at least one active access key for ongoing use.

  4. Create a New Access Key:

    • Click on the "Create access key" button.
    • Record the new access key pair (Access Key ID and Secret Access Key) securely. Note: The Secret Access Key is only displayed once during creation.

  5. Update Access Key for the User:

    • Provide the new Access Key ID and Secret Access Key to the user and ensure they update their access key credentials in their applications or scripts.

  6. Repeat for Other Users (if applicable):

    • Repeat steps 2-5 for all users with access keys.

By following the above steps, IAM users can ensure compliance with the IAM User Access Key Rotation rule as per the NIST 800-53 Revision 5 standard. Regular access key rotation helps in minimizing the risk of compromise and unauthorized access to AWS resources.
