Access Key Used Within the Specified Period
Rule Details
| Parameter | Description |
|---|---|
| Rule Name | access-keys-last-use-check |
| Identifier | Access Key Used Within the Specified Period |
| Description | If the access key of an IAM user is not used within a specified period, the check result is non-compliant. |
| Tag | iam |
| Trigger Type | Periodic |
| Filter Type | iam.users |
| Rule Parameters | maxAccessKeyIdleDay: Maximum number of days an access key can remain unused; evaluateDisabledUser: Whether to evaluate disabled users |
Application Scenarios
Enterprise users usually use access keys (AK/SK) to access cloud resources through APIs. You need to delete idle access keys to reduce potential security risks, such as key leakage.
Solution
Delete idle access keys on the console.
Rule Logic
- If an IAM user does not have an access key, the check result is compliant.
- If the access key of an IAM user has been used within the specified period, the check result is compliant.
- If the access key of an IAM user has not been used within the specified period, the check result is non-compliant.
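The rule logic above, applied to an exported user list, as an added Python example (not the service's own code). The record field names, the result label "skipped" for disabled users, ageing a never-used key from its creation time, and failing a user on any one idle key are assumptions the page does not specify.

```python
from datetime import datetime, timedelta, timezone

def evaluate_user(user, max_idle_days, evaluate_disabled, now):
    """Apply the rule logic to one user record; field names are hypothetical."""
    if not user["enabled"] and not evaluate_disabled:
        return "skipped"  # assumed meaning of evaluateDisabledUser = false
    keys = user["access_keys"]
    if not keys:
        return "compliant"  # no access key -> compliant
    cutoff = now - timedelta(days=max_idle_days)
    for key in keys:
        # Assumption: a never-used key is aged from its creation time.
        last_activity = key["last_used"] or key["created"]
        if last_activity < cutoff:
            return "non-compliant"  # assumption: one idle key fails the user
    return "compliant"

def evaluate_all(users, max_idle_days, evaluate_disabled, now=None):
    """Return {user name: result} for every record."""
    now = now or datetime.now(timezone.utc)
    return {u["name"]: evaluate_user(u, max_idle_days, evaluate_disabled, now)
            for u in users}

# Constructed sample data (not real accounts or keys).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

def sample_key(created_days_ago, used_days_ago=None):
    """Build a constructed key record relative to NOW."""
    used = None if used_days_ago is None else NOW - timedelta(days=used_days_ago)
    return {"created": NOW - timedelta(days=created_days_ago), "last_used": used}

SAMPLE_USERS = [
    {"name": "ci-bot", "enabled": True, "access_keys": [sample_key(400, 2)]},
    {"name": "legacy-app", "enabled": True, "access_keys": [sample_key(400, 200)]},
    {"name": "console-only", "enabled": True, "access_keys": []},
    {"name": "new-hire", "enabled": True, "access_keys": [sample_key(10)]},
    {"name": "never-used", "enabled": True, "access_keys": [sample_key(300)]},
    {"name": "ex-employee", "enabled": False, "access_keys": [sample_key(900, 500)]},
]

if __name__ == "__main__":
    # 90 is a constructed value for maxAccessKeyIdleDay, not a documented default.
    for name, result in evaluate_all(SAMPLE_USERS, 90, False, NOW).items():
        print(f"{name:14} {result}")
```

Running the same list with `evaluate_disabled=True` surfaces keys that still exist on disabled accounts, which the default run leaves out of the result.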