lacework-global-121
IAM user should not be inactive for more than 30 days
Description
IAM users can access the AWS console using a password with optional MFA, and can use keys for programmatic access. It is recommended to disable console and programmatic access for IAM users who have been inactive for more than 30 days.
Remediation
Perform the following to manage unused credentials:
1. Log in to the AWS Management Console.
2. Click Services.
3. Click IAM and select Users.
4. Open the IAM user of interest and select the Security Credentials tab.
5. If the user has an unused password, under the Sign-in credentials section, click Manage against Console password.
6. Select the Disable option for Console access and click Apply.
7. If there is an unused access key, click Make inactive against the access key.
8. In the pop-up window, click Deactivate to confirm.
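To find which users need the steps above, the IAM credential report can be checked offline. The following is an added example, not Lacework's own policy logic: it parses a constructed sample containing a subset of the credential report's columns and lists each enabled password or active access key that has been idle for more than 30 days. It assumes a credential that has never been used is aged from the date it was last changed or rotated.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

MAX_IDLE = timedelta(days=30)  # threshold from the policy text

# Constructed sample using a subset of the credential report's columns.
SAMPLE_REPORT = """\
user,password_enabled,password_last_used,password_last_changed,access_key_1_active,access_key_1_last_used_date,access_key_1_last_rotated,access_key_2_active,access_key_2_last_used_date,access_key_2_last_rotated
alice,true,2024-05-28T09:00:00+00:00,2024-01-10T09:00:00+00:00,false,N/A,N/A,false,N/A,N/A
bob,true,2024-03-01T12:00:00+00:00,2023-11-02T12:00:00+00:00,true,2024-05-30T08:15:00+00:00,2024-02-01T08:00:00+00:00,false,N/A,N/A
carol,false,N/A,N/A,true,N/A,2024-01-15T10:00:00+00:00,true,2024-04-01T10:00:00+00:00,2023-12-01T10:00:00+00:00
dave,true,no_information,2024-05-20T10:00:00+00:00,false,N/A,N/A,false,N/A,N/A
"""

def _ts(value):
    """Parse a report timestamp; N/A, no_information, etc. become None."""
    try:
        return datetime.fromisoformat(value.replace("Z", "+00:00"))
    except ValueError:
        return None

def _stale(last_used, fallback, now):
    # Assumption: a never-used credential is aged from when it was set or rotated.
    ref = _ts(last_used) or _ts(fallback)
    return ref is None or now - ref > MAX_IDLE

def unused_credentials(report_csv, now):
    """Return {user: [credential, ...]} for enabled credentials idle > 30 days."""
    findings = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        stale = []
        if row["password_enabled"] == "true" and _stale(
                row["password_last_used"], row["password_last_changed"], now):
            stale.append("console_password")
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] == "true" and _stale(
                    row[f"access_key_{n}_last_used_date"],
                    row[f"access_key_{n}_last_rotated"], now):
                stale.append(f"access_key_{n}")
        if stale:
            findings[row["user"]] = stale
    return findings

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed so the sample is reproducible
    for user, creds in unused_credentials(SAMPLE_REPORT, now).items():
        print(user, creds)
```

Each credential listed for a user maps to one of the console actions above: disable Console access for `console_password`, Make inactive for an access key.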