How to resolve the Sprinto check for disabling inactive AWS user credentials
About:
Sprinto Check: AWS credentials not used in last 90 days should be disabled
This Sprinto check identifies AWS access keys and password credentials that have not been used for the last 90 days or more and ensures that they are disabled or removed from your AWS environment. The check starts failing if Sprinto detects any user credential not used for more than 90 days.
Note: The Sprinto check verifies the last activity on all the AWS IAM users' accounts. Your AWS root accounts are excluded from this computation.
Purpose:
The purpose of this check is to enhance the security posture of your AWS account by disabling or removing unused credentials, which can become potential attack vectors if they remain active and unmonitored.
How to fix:
Follow the procedure below to resolve this check:
Before you begin:
Ensure you have administrator privileges on the AWS account to manage credentials.
Deactivate login credentials:
Log in to the AWS Console using your credentials.
Navigate to the AWS IAM service.
Click Users from the navigation bar on the left side.
Review the users' last activity and select from the list the user whose credentials have been inactive for more than 90 days.
Select the Security credentials tab, and click Manage in the Console Sign-in section.
Select the Disable console access option, and click Disable access.
On the same user’s page, click Deactivate under Actions from the Access keys section.
Confirm your deactivation action.
Repeat the above steps for all the users whose credentials have been inactive for more than 90 days.
Sprinto detects the configuration change and sets the check status to "Passing."
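To build the list of users the steps above apply to without clicking through each one, the following added example (not Sprinto's or AWS's own code) parses an IAM credential report and returns every active console password or access key idle for more than 90 days, skipping the root account as the check does. The sample report is constructed and carries only the columns the script reads; treating a never-used credential as aged from its creation or rotation time is an assumption, not documented Sprinto behaviour.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

MAX_IDLE = timedelta(days=90)  # threshold stated by the check
ROOT_ROW = "<root_account>"    # how the credential report names the root user

# Constructed sample in the IAM credential report layout (only the columns used here).
SAMPLE_REPORT = """\
user,password_enabled,password_last_used,password_last_changed,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,not_supported,2023-01-05T10:00:00+00:00,not_supported,false,N/A,N/A,false,N/A,N/A
alice,true,2024-05-20T09:12:00+00:00,2024-01-10T08:00:00+00:00,true,2024-01-10T08:00:00+00:00,2024-05-30T11:00:00+00:00,false,N/A,N/A
bob,true,2023-11-02T14:30:00+00:00,2023-06-01T08:00:00+00:00,true,2023-06-01T08:00:00+00:00,2024-05-28T07:45:00+00:00,false,N/A,N/A
ci-deploy,false,N/A,N/A,true,2023-09-15T08:00:00+00:00,N/A,true,2024-04-01T08:00:00+00:00,2024-05-31T23:00:00+00:00
"""

def _ts(value):
    """Parse a report timestamp; N/A, no_information and not_supported yield None."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None

def stale_credentials(report_csv, now):
    """Return sorted (user, credential) pairs that are active but idle for over 90 days."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["user"] == ROOT_ROW:  # the check excludes the root account
            continue
        creds = [("console_password", row["password_enabled"],
                  row["password_last_used"], row["password_last_changed"])]
        for n in ("1", "2"):
            creds.append((f"access_key_{n}", row[f"access_key_{n}_active"],
                          row[f"access_key_{n}_last_used_date"], row[f"access_key_{n}_last_rotated"]))
        for name, active, last_used, created in creds:
            if active != "true":
                continue
            # Assumption: a never-used credential is aged from when it was set or rotated.
            reference = _ts(last_used) or _ts(created)
            if reference is None or now - reference > MAX_IDLE:
                findings.append((row["user"], name))
    return sorted(findings)

if __name__ == "__main__":
    for user, cred in stale_credentials(SAMPLE_REPORT, datetime(2024, 6, 1, tzinfo=timezone.utc)):
        print(f"{user}: {cred} unused for more than 90 days")
```

A real report can be produced with `aws iam generate-credential-report` followed by `aws iam get-credential-report`, whose `Content` field is the base64-encoded CSV to pass in after decoding.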
Contact Sprinto support if you have any queries related to the check or need assistance.