Do not set up access keys during initial user setup for all IAM users that have a console password

1.21 Identity and Access Management (AWS CIS Benchmark).

Description

By default, the AWS console has the checkbox for creating access keys enabled. This results in many access keys being generated unnecessarily. Besides adding unnecessary credentials, this also creates unnecessary management work when it comes to auditing and rotating these keys.

Delete access keys that do not pass the audit via the AWS Management Console

Step 1. Log in to the AWS Management Console at https://console.aws.amazon.com/vpc/home.

Step 2. Click on Services.

Step 3. Click on IAM.

Step 4. Click on Users.

Step 5. Click on Security Credentials.

Step 6. As an Administrator, click on Delete for keys that were created at the same time as the user profile but have not been used.

As an IAM User, click on Delete for keys that were created at the same time as the user profile but have not been used.

Delete access keys that do not pass the audit via CLI

Run the following command:

aws iam delete-access-key --user-name <user_name> --access-key-id <access_key_id>
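To find the keys that fail this audit before deleting them, the following added example (not part of the original benchmark text) parses the IAM credential report CSV, as returned by aws iam get-credential-report after decoding, and lists active keys that were created together with a console user and never used. The sample rows are constructed, and the function name find_setup_keys and the 5-minute "same time" window are assumptions of this example.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample in the credential report's CSV layout (only the columns used here).
SAMPLE_REPORT = """\
user,user_creation_time,password_enabled,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,2020-01-01T09:00:00+00:00,not_supported,false,N/A,N/A,false,N/A,N/A
alice,2023-03-01T10:00:00+00:00,true,true,2023-03-01T10:00:02+00:00,N/A,false,N/A,N/A
bob,2023-03-02T11:00:00+00:00,true,true,2023-03-02T11:00:03+00:00,2023-06-01T08:15:00+00:00,false,N/A,N/A
carol,2023-03-03T12:00:00+00:00,true,true,2023-09-10T14:00:00+00:00,N/A,false,N/A,N/A
svc-build,2023-03-04T13:00:00+00:00,false,true,2023-03-04T13:00:01+00:00,N/A,false,N/A,N/A
"""

# Assumption: a key counts as "created at the same time as the user profile"
# when it was created within this window of the user's creation time.
SETUP_WINDOW = timedelta(minutes=5)


def find_setup_keys(report_csv, window=SETUP_WINDOW):
    """Return (user, key_slot) for active, never-used keys created with a console user."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["password_enabled"] != "true":
            continue  # the rule covers only users that have a console password
        created = datetime.fromisoformat(row["user_creation_time"])
        for slot in ("1", "2"):
            prefix = f"access_key_{slot}_"
            if row[prefix + "active"] != "true":
                continue  # no key in this slot, or key already deactivated
            if row[prefix + "last_used_date"] != "N/A":
                continue  # the key has been used, so it is not a leftover
            rotated = datetime.fromisoformat(row[prefix + "last_rotated"])
            if abs(rotated - created) <= window:
                findings.append((row["user"], int(slot)))
    return findings


if __name__ == "__main__":
    for user, slot in find_setup_keys(SAMPLE_REPORT):
        print(f"{user}: access key {slot} was created at user setup and never used")
```

The credential report does not contain access key IDs; look them up with aws iam list-access-keys --user-name <user_name> before running the delete command.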