lacework-global-119

Ensure public ssh keys are rotated every 90 days or less

Description

IAM SSH key pairs are used to access AWS CodeCommit repositories. It is recommended to regularly rotate SSH public keys to limit your window of exposure if a key is compromised.

Remediation

Perform the following to rotate public SSH keys:

  1. Log in to the AWS Management Console.

  2. Click Services.

  3. Click IAM and select Users.

  4. Open the IAM user of interest and select the Security Credentials tab.

  5. Click Make Inactive for keys that are older than 90 days.

  6. Click Upload SSH public key to upload a new public key created by the IAM user.

  7. After the IAM user tests the change, delete the inactive key.
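The 90-day check behind steps 5 and 7 can also be run against the JSON that `aws iam list-ssh-public-keys` returns. The following is an added example, not Lacework's or AWS's own code; the function names and the sample data are assumptions made for illustration.

```python
import json
import shlex
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=90)  # rotation window from this policy

# Constructed sample shaped like `aws iam list-ssh-public-keys` output,
# merged across users; every name, key ID and date here is made up.
SAMPLE = json.loads("""
{"SSHPublicKeys": [
 {"UserName": "alice", "SSHPublicKeyId": "APKAEXAMPLE000000001", "Status": "Active", "UploadDate": "2024-01-02T09:00:00+00:00"},
 {"UserName": "alice", "SSHPublicKeyId": "APKAEXAMPLE000000002", "Status": "Active", "UploadDate": "2024-03-03T00:00:00+00:00"},
 {"UserName": "bob", "SSHPublicKeyId": "APKAEXAMPLE000000003", "Status": "Inactive", "UploadDate": "2023-11-01T00:00:00Z"},
 {"UserName": "bob", "SSHPublicKeyId": "APKAEXAMPLE000000004", "Status": "Active", "UploadDate": "2024-05-20T08:30:00+00:00"}
]}
""")

def parse_upload_date(value):
    """Parse an ISO 8601 UploadDate; treat a naive timestamp as UTC."""
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)

def review_keys(response, now):
    """Return (user, key_id, age_days, action) for keys needing attention."""
    findings = []
    for key in response.get("SSHPublicKeys", []):
        age = now - parse_upload_date(key["UploadDate"])
        if key["Status"] == "Active" and age > MAX_AGE:
            action = "deactivate"          # step 5: Make Inactive
        elif key["Status"] == "Inactive":
            action = "delete-after-test"   # step 7: delete once replacement works
        else:
            continue                       # active and within 90 days
        findings.append((key["UserName"], key["SSHPublicKeyId"], age.days, action))
    return findings

def cli_for(finding):
    """Render the AWS CLI equivalent of the console action for one finding."""
    user, key_id, _, action = finding
    target = f"--user-name {shlex.quote(user)} --ssh-public-key-id {shlex.quote(key_id)}"
    if action == "deactivate":
        return f"aws iam update-ssh-public-key {target} --status Inactive"
    return f"aws iam delete-ssh-public-key {target}"

if __name__ == "__main__":
    fixed_now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed for repeatability
    for item in review_keys(SAMPLE, fixed_now):
        print(item, "->", cli_for(item))
```

A key that is exactly 90 days old is treated as compliant; only keys older than 90 days are flagged for deactivation.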