Ensure IAM access keys are rotated every 90 days

IAM access keys work as credentials for programmatic access. Credentials should be rotated or changed on a periodic time frame. For this reason it is considered a security best practice to rotate access keys. Ensuring that your account is restricted with MFA will help you with CIS and NIST Compliance.

Audit & Remediation

  • Login into your AWS account (with your root account)
  • Navigate to the IAM service at: https://console.aws.amazon.com/iam
  • On the left hand panel, select Users.
  • Look under the column Access key agate is greater than 90 days.



  • For each account that you have determined to have access keys that are beyond 90 days, select the account.
  • Under Summary select Security credentials then under Access keys select Create access key.



  • Copy the key that you have just created and update the location where you are currently using this key.



  • Once you have updated the script or location where the access key is being used, select Make inactive next to the old access key.



  • Repeat the outlined steps in each of your accounts.
See all of your AWS EC2 Instances in a single place!

Do you want to see all of your AWS EC2 Instances in once place for all regions and all accounts?
Login to our online demo to see exactly what this looks like.


Other Key Features


Consolidate your inventory management with consistent and frequent security logs, inventories, and change logs. Dashboard reporting for extensive analytical value.

learn more +

Cost & Usage

Access consolidated capacity, cost, and volume tools in a scaling environment without impacting production or breaking the bank.

learn more +