Updated on 2025-08-25 GMT+08:00

Access Key Used Within the Specified Period

Rule Details

Table 1 Rule details

| Parameter | Description |
|---|---|
| Rule Name | access-keys-last-use-check |
| Identifier | Access Key Used Within the Specified Period |
| Description | If the access key of an IAM user is not used within a specified period, the check result is non-compliant. |
| Tag | iam |
| Trigger Type | Periodic |
| Filter Type | iam.users |
| Rule Parameters | maxAccessKeyIdleDay: Maximum number of days an access key can remain unused |
| | evaluateDisabledUser: Whether to evaluate disabled users |

Application Scenarios

Enterprise users usually use access keys (AK/SK) to access cloud resources through APIs. You need to delete idle access keys to reduce potential security risks, such as key leakage.

Solution

Delete idle access keys on the console.

Rule Logic

  • If an IAM user does not have an access key, the check result is compliant.
  • If the access key of an IAM user has been used within the specified period, the check result is compliant.
  • If the access key of an IAM user has not been used within the specified period, the check result is non-compliant.
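
The following sketch applies the rule logic above to a few user records. It is an added example, not the service's own code. The record fields, sample key IDs and the 90-day value are constructed, and three behaviours are assumptions not stated on this page: disabled users are skipped when evaluateDisabledUser is false, a never-used key is aged from its creation time, and one idle key makes the user non-compliant.

```python
from datetime import datetime, timedelta, timezone

NOW = datetime(2025, 8, 25, tzinfo=timezone.utc)  # fixed "now" so results are reproducible

def days_ago(n):
    return NOW - timedelta(days=n)

# Constructed sample records; field names are hypothetical, not an IAM API schema.
USERS = [
    {"name": "alice", "enabled": True, "access_keys": []},
    {"name": "bob", "enabled": True, "access_keys": [
        {"id": "AK-SAMPLE-1", "created": days_ago(300), "last_used": days_ago(10)}]},
    {"name": "carol", "enabled": True, "access_keys": [
        {"id": "AK-SAMPLE-2", "created": days_ago(500), "last_used": days_ago(5)},
        {"id": "AK-SAMPLE-3", "created": days_ago(500), "last_used": days_ago(200)}]},
    {"name": "dave", "enabled": False, "access_keys": [
        {"id": "AK-SAMPLE-4", "created": days_ago(400), "last_used": None}]},
]

def idle_keys(user, now, max_access_key_idle_day):
    """Return the IDs of the user's keys with no use inside the allowed window."""
    cutoff = now - timedelta(days=max_access_key_idle_day)
    idle = []
    for key in user["access_keys"]:
        # Assumption: a key that was never used is aged from its creation time.
        last_activity = key["last_used"] or key["created"]
        if last_activity < cutoff:
            idle.append(key["id"])
    return idle

def evaluate_user(user, now, max_access_key_idle_day, evaluate_disabled_user):
    """Apply the three rule-logic cases to one user record."""
    # Assumption: disabled users are skipped unless evaluateDisabledUser is true.
    if not user["enabled"] and not evaluate_disabled_user:
        return "NotApplicable"
    if not user["access_keys"]:
        return "Compliant"  # no access key at all
    # Assumption: one idle key is enough to make the user non-compliant.
    if idle_keys(user, now, max_access_key_idle_day):
        return "NonCompliant"
    return "Compliant"

def report(users, now, max_access_key_idle_day, evaluate_disabled_user):
    return {u["name"]: evaluate_user(u, now, max_access_key_idle_day, evaluate_disabled_user)
            for u in users}

if __name__ == "__main__":
    for name, result in report(USERS, NOW, 90, False).items():
        print(f"{name}: {result}")
```

The list returned by `idle_keys` is the set of keys to review for deletion on the console.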