| Plugin Title | Access Keys Last Used |
|---|---|
| Cloud | AWS |
| Category | IAM |
| Description | Detects access keys that have not been used for a period of time and that should be decommissioned |
| More Info | Having numerous, unused access keys extends the attack surface. Access keys should be removed if they are no longer being used. |
| AWS Link | http://docs.aws.amazon.com/IAM/latest/UserGuide/ManagingCredentials.html |
| Recommended Action | Log into the IAM portal and remove the offending access key. |

1. Log into the AWS Management Console.
2. Select the "Services" option and search for IAM.
3. Scroll down the left navigation panel and choose "Users".
4. Select the "User" that needs to be verified and click on the "User name" to access the selected "IAM User".
5. Click on "Security Credentials" under the configuration page.
6. Scroll down and, under "Security Credentials", check the "Last used" column in "Access keys" to determine the date the "Access Key" was last used by the selected "User".
7. Repeat steps 4 - 6 to check the "Access Keys" last used date for another user.
8. To remove an "Access Key" that has not been used for a period of time, click on "Security Credentials" under the IAM user configuration page and select the "Access Key ID" that needs to be removed.
9. Click on the cross (×) symbol at the extreme right to remove the selected key.
10. Click on the "Delete" button under the "Delete access key" tab to delete the extra "Access Key".
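
The per-user console check above can be run across every user at once from the IAM credential report (the CSV returned by `aws iam get-credential-report`). The following is an added example, not the plugin's own code: the 90-day threshold, the function name, the choice to skip inactive keys and the sample rows are assumptions made for illustration.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample rows in the IAM credential report CSV layout
# (only the columns this check reads; the real report has more).
SAMPLE_REPORT = """\
user,arn,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
alice,arn:aws:iam::111122223333:user/alice,true,2023-01-10T00:00:00+00:00,2024-05-28T00:00:00+00:00,false,N/A,N/A
build-bot,arn:aws:iam::111122223333:user/build-bot,true,2022-06-01T00:00:00+00:00,2023-09-15T00:00:00+00:00,true,2023-11-20T00:00:00+00:00,N/A
carol,arn:aws:iam::111122223333:user/carol,false,2021-03-05T00:00:00+00:00,2021-04-01T00:00:00+00:00,false,N/A,N/A
"""


def stale_access_keys(report_csv, now, max_idle_days=90):
    """Return (user, key_slot, idle_days, basis) for active keys idle too long.

    max_idle_days=90 is an assumed threshold; the page only says
    "a period of time".
    """
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in (1, 2):  # the report has two key slots per user, no key IDs
            prefix = f"access_key_{slot}_"
            if row.get(prefix + "active") != "true":
                continue  # assumption: only active keys are reported
            last_used = row.get(prefix + "last_used_date", "N/A")
            if last_used != "N/A":
                reference, basis = last_used, "last used"
            else:
                # Never used: measure idle time from creation/rotation instead.
                reference, basis = row[prefix + "last_rotated"], "never used, created"
            idle_days = (now - datetime.fromisoformat(reference)).days
            if idle_days > max_idle_days:
                findings.append((row["user"], slot, idle_days, basis))
    return findings


if __name__ == "__main__":
    audit_time = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed "now"
    for user, slot, days, basis in stale_access_keys(SAMPLE_REPORT, audit_time):
        print(f"{user}: access key {slot} idle {days} days ({basis})")
```

The report identifies keys only by slot (1 or 2), so the "Access Key ID" to delete still has to be read from the user's "Security Credentials" page.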