Unless there is a requirement for programmatic access, access keys should not be created for an IAM user, because this additional set of credentials increases the attack surface of the AWS account. If IAM users in the AWS account have active access keys that are not being actively used or are not required at all, those keys should be either deactivated or removed completely.
When you are not sure whether an access key is still being used somewhere, deleting it right away can cause accessibility issues. In such a case it is better to deactivate the key first; once you are sure that nothing depends on it, the key can be deleted.
In this article we will take a look at how to deactivate the access key for an IAM user using the AWS console.
The following are the steps to deactivate the access key for an IAM user using the AWS console:
1. Log in to the AWS Management Console and navigate to the IAM service.
2. Under Access management on the IAM dashboard, go to Users.
3. To deactivate a user's access key, click on the user name for that user.
4. On the Summary page, click on the Security credentials tab.
5. Under the Access keys section, we can see the access keys and their status for the user.
6. Click on the Actions dropdown button and select Deactivate.
7. A pop-up will appear to confirm the action. Click on the Deactivate button.
8. We can see that the status for the access key is now Inactive, which means the access key has been successfully deactivated.
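To find which keys are candidates for the steps above, the IAM credential report (a CSV download from the IAM console) lists each key's status and last-used date. The following is an added example, not part of the original article: it goes beyond the console procedure by parsing that report and flagging active keys that have been idle, and the sample rows, the 90-day threshold and the function names are assumptions made for illustration.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample rows using a subset of the credential report columns.
SAMPLE_REPORT = """\
user,arn,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
alice,arn:aws:iam::111122223333:user/alice,true,2023-01-10T09:00:00+00:00,2024-05-28T12:30:00+00:00,false,N/A,N/A
build-bot,arn:aws:iam::111122223333:user/build-bot,true,2022-03-01T08:00:00+00:00,2023-11-02T04:15:00+00:00,true,2024-05-20T08:00:00+00:00,N/A
carol,arn:aws:iam::111122223333:user/carol,true,2021-07-15T10:00:00+00:00,N/A,false,2020-01-01T00:00:00+00:00,2020-06-01T00:00:00+00:00
"""


def _ts(value):
    """Parse a report timestamp; return None for 'N/A' or anything unparsable."""
    try:
        return datetime.fromisoformat(value)
    except (TypeError, ValueError):
        return None


def stale_access_keys(report_csv, now, max_idle_days=90):
    """Return (user, key_slot, reason) for active keys that look unused."""
    cutoff = now - timedelta(days=max_idle_days)
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in ("1", "2"):
            if row.get(f"access_key_{slot}_active") != "true":
                continue  # inactive key or empty slot: nothing to deactivate
            last_used = _ts(row.get(f"access_key_{slot}_last_used_date"))
            created = _ts(row.get(f"access_key_{slot}_last_rotated"))
            if last_used is None:
                # Never used: skip keys newer than the window, they may not
                # have been rolled out yet; unknown age is flagged for review.
                if created is None or created < cutoff:
                    findings.append((row["user"], slot, "never used"))
            elif last_used < cutoff:
                day = last_used.date().isoformat()
                findings.append((row["user"], slot, f"idle since {day}"))
    return findings


if __name__ == "__main__":
    today = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed date for the sample
    for user, slot, reason in stale_access_keys(SAMPLE_REPORT, today):
        print(f"{user}: access key {slot} is active but {reason}")
```

Each flagged key is a candidate for deactivation first and deletion later, as described above, since the report alone cannot prove that nothing still depends on the key.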