Lists all IAM users whose password has not used in {X} days.


As a security best practice, we recommend that you, an administrator, regularly rotate (change) the access keys for IAM users in your account. If your users have the necessary permissions, they can rotate their own access keys. For information about how to give your users permissions to rotate their own access keys, see Allow Users to Manage Their Own Passwords, Access Keys, and SSH Keys.

You can also apply a password policy to your account to require that all of your IAM users periodically rotate their passwords,. You can choose how often they must do so. For more information, see Setting an Account Password Policy for IAM Users.

Suggested Action

We recommend that you also regularly rotate them user account keys. Ideally, you should reduce or eliminate your use of AWS keys and reduce the number of keys used entirely. In many scenarios, you don’t need a long-term access key that never expires (as you have with an IAM user). Instead, you can create IAM roles and generate temporary security credentials. keys.html#Using_RotateAccessKey

If you must use keys, rotate them regularly. You can create, modify, or view AWS keys here .

Also consider using Amazon’s Key Management Service .

Tags: iam