How to deactivate the Access key of a user in AWS

Pragti Chauhan
Feature image


Unless there is a requirement for programmatic access, the access keys should not be created for an IAM user as these additional set of credentials increase the attack surface of the AWS account. If there are active access keys created for IAM users in the AWS account that are not being actively used or are not required at all, then those keys should be either deactivated or removed completely.

When not sure whether an access key is being used somewhere or not, deleting it right away can cause accessibility issues. In such case it is better to deactivate the key first and once you are sure that there is no dependency, the key can be deleted.

In this article we will take a look at how to deactivate the Access key for an IAM user using AWS console.

Deactivate the Access key for an IAM user

Following are the steps to deactivate the Access key for an IAM user using AWS console:

  1. Login to AWS Management Console and navigate to IAM service

    IAM Service

  2. Under Access management on IAM dashboard, go to Users

    IAM Users

  3. To deactivate a user’s Access key, click on the user name for that user

    Select IAM User

  4. On Summary page, click on Security credentials tab

    Security Credentials

  5. Under Access keys section, we can see the access keys and their status for the user

    Access Keys

  6. Click on Actions dropdown button and select Deactivate

    Deactivate Access Key

  7. A pop-up will appear to confirm the action. Click on Deactivate button

    Access Key Deactivation Pop-up

  8. We can see that the status for access key is now Inactive which means the access key has been successfully deactivated

    Inactive Access Key

← Back to Academy