The affected account has multiple active AWS access keys.


You use different types of security credentials depending on how you interact with AWS. For example, you use a user name and password to sign in to the AWS Management Console. You use access keys to make programmatic calls to AWS API actions. For security reasons, AWS doesn’t allow you to retrieve your passwords or secret access keys and does not store the private keys that are part of a key pair. However, you can create new credentials and then disable or delete the old credentials. Access keys consist of an access key ID and a secret access key. You use access keys to sign programmatic requests that you make to AWS if you use the AWS SDKs, REST, or Query APIs. You can have a maximum of two access keys (active or inactive) at a time.

However, having multiple active access keys makes them harder to track and secure, which may increase complexity and security risk.

Suggested Action

Ideally, you should reduce the number of AWS access keys you use, or eliminate them entirely. In many scenarios, you don’t need a long-term access key that never expires (as you have with an IAM user). Instead, you can create IAM roles and generate temporary security credentials.

If you must use keys, rotate them regularly. You can create, modify, or view AWS keys here.
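One way to check for this finding across an account is to audit the IAM credential report (the CSV returned by `aws iam get-credential-report`). The following is an added example, not part of the original page: the sample rows are constructed, and the 90-day rotation threshold and the name `audit_access_keys` are assumptions.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample in the IAM credential report CSV layout (subset of columns).
SAMPLE_REPORT = """user,arn,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
alice,arn:aws:iam::111122223333:user/alice,true,2023-01-10T09:00:00+00:00,true,2024-05-01T12:00:00+00:00
bob,arn:aws:iam::111122223333:user/bob,true,2024-04-20T08:30:00+00:00,false,2022-02-02T00:00:00+00:00
carol,arn:aws:iam::111122223333:user/carol,false,N/A,false,N/A
"""

MAX_KEY_AGE_DAYS = 90  # assumed rotation policy; the page only says "regularly"


def audit_access_keys(report_csv, now, max_age_days=MAX_KEY_AGE_DAYS):
    """Return one finding per user that has at least one active access key."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        active_ages = {}  # key slot ("1"/"2") -> age in days, None if unknown
        for slot in ("1", "2"):
            if row[f"access_key_{slot}_active"].strip().lower() != "true":
                continue  # inactive or absent keys are not part of this finding
            rotated = row[f"access_key_{slot}_last_rotated"].strip()
            # A missing rotation date on an active key is treated as stale.
            age = None
            if rotated != "N/A":
                age = (now - datetime.fromisoformat(rotated)).days
            active_ages[slot] = age
        if not active_ages:
            continue
        stale = sorted(s for s, a in active_ages.items() if a is None or a > max_age_days)
        findings.append({
            "user": row["user"],
            "active_keys": len(active_ages),
            "multiple_active": len(active_ages) > 1,  # the condition this page flags
            "stale_slots": stale,                     # active keys overdue for rotation
        })
    return findings


if __name__ == "__main__":
    for f in audit_access_keys(SAMPLE_REPORT, datetime(2024, 6, 1, tzinfo=timezone.utc)):
        print(f)
```

Users reported with `multiple_active` are candidates for deactivating one key, and any slot listed in `stale_slots` is due for rotation or replacement with role-based temporary credentials.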

Tags: iam