This rule specifies that IAM user access keys must be rotated every 90 days to enhance security.
| Rule | IAM user access keys should be rotated at least every 90 days |
| --- | --- |
| Framework | NIST 800-53 Revision 5 |
| Severity | Low |
Rule: IAM user access keys should be rotated at least every 90 days
This rule is based on the NIST 800-53 Revision 5 security guideline, which recommends rotating IAM user access keys to enhance security and mitigate the risk of unauthorized access to AWS resources.
Description:
IAM user access keys provide programmatic access to AWS services and resources. By regularly rotating these access keys, the risk of unauthorized access is reduced as any compromised or leaked access keys become obsolete after the rotation.
Troubleshooting Steps:
There are no specific troubleshooting steps for this rule, as it primarily focuses on policy enforcement rather than resolving technical issues. However, if an IAM user's access key needs to be rotated manually, the following remediation guide can be followed.
Remediation Guide:
To comply with the NIST 800-53 Revision 5 guideline of rotating IAM user access keys every 90 days, the following steps can be taken:
1. Identify IAM users whose access keys need to be rotated.
   CLI Command:
   ```shell
   aws iam list-users
   ```
2. Generate new access keys for the identified IAM users.
   CLI Command:
   ```shell
   aws iam create-access-key --user-name <user-name>
   ```
3. Store the new access keys securely.
4. Update the access keys for the IAM users: deactivate the old key and confirm the new key is active (`--user-name` is required when rotating another user's keys; without it the command acts on the caller's own keys).
   CLI Command:
   ```shell
   aws iam update-access-key --user-name <user-name> --access-key-id <old-access-key-id> --status Inactive
   ```
   CLI Command:
   ```shell
   aws iam update-access-key --user-name <user-name> --access-key-id <new-access-key-id> --status Active
   ```
5. Communicate the updated access keys to the respective IAM users.
6. Verify the access key rotation.
By following these steps, IAM user access keys will be rotated at least every 90 days, as recommended by the NIST 800-53 Revision 5 security guideline. This enhances the security of AWS resources and minimizes the risk of unauthorized access.
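As an added example (not part of the original rule page), the audit check below parses the JSON that `aws iam list-access-keys --user-name <user>` returns, flags every Active key older than the 90-day threshold, and emits the create/deactivate commands from the remediation guide for each finding. The sample CLI output, user names, key IDs and the fixed "now" timestamp are constructed so the check runs offline.

```python
import json
from datetime import datetime, timezone

MAX_KEY_AGE_DAYS = 90  # threshold stated by the rule

# Constructed sample: the shape of `aws iam list-access-keys --user-name <user>`,
# one JSON document per user. Key IDs and dates are made up for this example.
SAMPLE_OUTPUTS = [
    json.dumps({"AccessKeyMetadata": [
        {"UserName": "alice", "AccessKeyId": "AKIAEXAMPLE0000ALICE1",
         "Status": "Active", "CreateDate": "2024-01-10T08:15:00+00:00"},
        {"UserName": "alice", "AccessKeyId": "AKIAEXAMPLE0000ALICE2",
         "Status": "Active", "CreateDate": "2024-05-20T12:00:00Z"},
    ]}),
    json.dumps({"AccessKeyMetadata": [
        {"UserName": "bob", "AccessKeyId": "AKIAEXAMPLE00000BOB01",
         "Status": "Inactive", "CreateDate": "2023-11-01T00:00:00+00:00"},
    ]}),
]
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed clock for reproducibility

def parse_create_date(value):
    """The CLI emits ISO 8601; older Pythons reject a trailing 'Z', so normalise it."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def stale_active_keys(list_access_keys_json, now=NOW, max_age_days=MAX_KEY_AGE_DAYS):
    """Return (user, key_id, age_days) for each Active key older than the threshold.
    Inactive keys cannot authenticate, so they are skipped here."""
    stale = []
    for meta in json.loads(list_access_keys_json)["AccessKeyMetadata"]:
        if meta["Status"] != "Active":
            continue
        age_days = (now - parse_create_date(meta["CreateDate"])).days
        if age_days > max_age_days:
            stale.append((meta["UserName"], meta["AccessKeyId"], age_days))
    return stale

def rotation_commands(stale):
    """Map findings to the remediation steps: create a replacement key, then
    deactivate the stale one (new keys are created in the Active state)."""
    cmds = []
    for user, key_id, _age in stale:
        cmds.append(f"aws iam create-access-key --user-name {user}")
        cmds.append(f"aws iam update-access-key --user-name {user} "
                    f"--access-key-id {key_id} --status Inactive")
    return cmds

if __name__ == "__main__":
    findings = [f for out in SAMPLE_OUTPUTS for f in stale_active_keys(out)]
    for user, key_id, age in findings:
        print(f"{user}: {key_id} is {age} days old (> {MAX_KEY_AGE_DAYS})")
    print("\n".join(rotation_commands(findings)))
```

In a live account, feed the function the real output of `aws iam list-access-keys` for each user returned by `aws iam list-users`, and review the printed commands before running them.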