IAM.3 IAM users' access keys should be rotated every 90 days or less
Access keys enable machines, applications, or scripts to programmatically authenticate and access AWS services. They require rotation every 90 days or less to enhance security, minimizing the risk of unauthorized access from compromised keys. AWS strongly recommends rotating access keys for IAM users and allows up to two active keys per user to facilitate seamless rotation.

1. Go to IAM dashboard

   Under IAM Dashboard, select Users. Filter on Access key ID. Whoever has an access key ID that has been active longer than 90 days needs to have it rotated.

2. Select user with access key > 90 days

   From this view, select the user that has an access key older than 90 days. Click on Security credentials. You can have up to two access keys. Rotate them every 90 days for security. Here, we'll create a new key since only one exists. If you already have two, select the other key to proceed.

3. Click on Create access key

   After completing the guide, click on Create access key.

4. Update applications and delete old keys

   Update applications:

   - Find where the old key is used: check where the old access key is configured (e.g., AWS CLI, scripts, or applications).
   - Replace with new key: for AWS CLI, update the credentials file (usually `~/.aws/credentials`):

     ```
     [default]
     aws_access_key_id = <new access key id>
     aws_secret_access_key = <new secret key>
     ```

     For other applications, update their configuration with the new access key.
   - Test the new key: run a simple command to confirm it works, e.g. `aws sts get-caller-identity`.

5. Repeat for other users

   Go through each IAM user with access keys and repeat steps 2–4 if their keys are approaching or exceed 90 days.

6. Review if all access keys are green

   Go to Users > filter on Active key age > make sure all are green (< 90 days).
