More Info:

Multiple access keys for the same user should be avoided. There should be just 1 access key per user account.

Risk Level

Medium

Address

Security

Compliance Standards

CISAWS, CBP, HITRUST

Triage and Remediation

Remediation

Here are the step-by-step instructions to remediate the misconfiguration “User Account Should Not Have Multiple Access Keys” for AWS using the AWS console:

  1. Log in to the AWS Management Console with your AWS account credentials.

  2. Go to the “IAM” dashboard by searching “IAM” in the AWS services search bar.

  3. In the left navigation pane, click on “Users”.

  4. Select the user account that has multiple access keys.

  5. Click on the “Security credentials” tab.

  6. In the “Access keys” section, you will see all the access keys associated with the user account.

  7. Identify the access keys that are not being used or are no longer required.

  8. Click on the “Delete” button next to the access keys that need to be deleted.

  9. In the confirmation dialog box, click on “Yes, Delete” to confirm the deletion of the access key.

  10. Repeat steps 7-9 for all the access keys that need to be deleted.

  11. Once all the unnecessary access keys have been deleted, click on the “Create access key” button to create a new access key.

  12. In the “Create access key” dialog box, click on the “Download .csv” button to download the new access key credentials.

  13. Store the new access key credentials securely.

By following these steps, you will remediate the misconfiguration “User Account Should Not Have Multiple Access Keys” for AWS using the AWS console.
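To find the affected users for step 4 and the least-used key for step 7 across a whole account, the IAM credential report (`aws iam generate-credential-report`, then `aws iam get-credential-report`) can be parsed offline. The following is an added example, not part of the original page: it assumes the check means two active keys, the function names are hypothetical, and the sample report is constructed.

```python
import csv
import io
from datetime import datetime

# Constructed sample in the IAM credential report layout, trimmed to the
# columns used here. User names and timestamps are made up.
SAMPLE_REPORT = """\
user,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
alice,true,2023-01-10T09:00:00+00:00,2024-05-01T12:00:00+00:00,true,2022-03-02T08:00:00+00:00,N/A
bob,true,2023-06-01T09:00:00+00:00,2024-04-20T10:00:00+00:00,false,N/A,N/A
carol,true,2021-02-01T09:00:00+00:00,2023-01-15T10:00:00+00:00,true,2024-01-05T09:00:00+00:00,2024-05-02T07:30:00+00:00
"""


def _ts(value):
    """Epoch seconds for a report timestamp; 0.0 for N/A or no_information."""
    try:
        return datetime.fromisoformat(value).timestamp()
    except ValueError:
        return 0.0


def users_with_two_active_keys(report_csv):
    """Return [(user, stale_slot, last_used)] for users with two active keys.

    stale_slot is the key slot (1 or 2) used least recently; a never-used key
    ranks first, and ties fall back to the older creation/rotation date.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        # Only users where both key slots are active violate the check.
        if not all(row[f"access_key_{n}_active"] == "true" for n in (1, 2)):
            continue
        stale = min((1, 2), key=lambda n: (
            _ts(row[f"access_key_{n}_last_used_date"]),
            _ts(row[f"access_key_{n}_last_rotated"]),
        ))
        findings.append(
            (row["user"], stale, row[f"access_key_{stale}_last_used_date"])
        )
    return findings


if __name__ == "__main__":
    for user, slot, last_used in users_with_two_active_keys(SAMPLE_REPORT):
        print(f"{user}: review access key {slot} (last used: {last_used})")
```

With a real report, base64-decode the `Content` field returned by `get-credential-report` and pass the resulting CSV text to the function. Confirm that nothing still depends on the flagged key before deleting it.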

Additional Reading: