Ensure access keys are not provisioned for users with console access

Access keys are created for programmatic access and should only be leveraged in this regard. For this reason it is considered a security best practice to ensure the account is not used and monitor its usage. Ensuring that the root account is not used will help you with CIS and NIST Compliance.

Audit & Remediation

  • Login into your AWS account.
  • Navigate to the IAM service at: https://console.aws.amazon.com/iam
  • On the left hand panel, navigate to Access reports, the select Credential report.
  • Select the button Download Report.
  • Open up the excel spreadsheet that was downloaded and filter on password_enabled set to true and access_key_1_active set to true.
  • Filter on password_enabled set to true and access_key_2_active set to true.



  • Delete any access keys related to the user accounts that you have flagged in the previous step.
  • Repeat the outlined steps in each of your accounts.
See all of your AWS EC2 Instances in a single place!

Do you want to see all of your AWS EC2 Instances in once place for all regions and all accounts?
Login to our online demo to see exactly what this looks like.


Other Key Features


Consolidate your inventory management with consistent and frequent security logs, inventories, and change logs. Dashboard reporting for extensive analytical value.

learn more +

Cost & Usage

Access consolidated capacity, cost, and volume tools in a scaling environment without impacting production or breaking the bank.

learn more +