Kloudle
academy

How to remove the Access key of a user in AWS

Akash Mahajan
#aws #cloudsecurity #IAM

Introduction

An IAM user can have an Access Key and a Secret Key that can then be used to perform actions using the AWS CLI or programmatically. Each user is allowed to generate 2 sets of Access keys.

IAM user access keys that are not being used should be removed. Unused access keys extend the attack surface. These keys provide the same level of access as the user's credentials, so, depending on the permissions the user has been assigned, a key theft or leakage incident may result in a platform-wide compromise.

In this article, we will provide a step-by-step walkthrough of how to remove the Access key for an IAM user in AWS.

Note: Before removing an Access key, make sure it is not currently being used anywhere, so that no application or access breaks when the key is deleted.

Remove the Access key for an IAM user

Following are the steps to remove the Access key for an IAM user in AWS:

  1. Log in to the AWS Management Console and navigate to the IAM service

  2. Under Access management on the IAM dashboard, go to Users

  3. On the Users page we can see the list of users and the age of their active Access key. Select the user whose Access key you want to remove

  4. On the Summary page, click on the Security credentials tab

  5. Under the Access keys section, we can see the user's access keys and their status

  6. Click on the Actions drop-down and select the Delete option (If you are not sure whether the Access key is being used anywhere, you can first deactivate the key by selecting the Deactivate option and delete it once you are sure that it is not in use.)

  7. To delete an active Access key, we must first deactivate the key. Click on Deactivate

  8. Provide the Access key ID of the key that we want to delete and click on the Delete button

  9. The Access key has been successfully deleted for the user
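The same deactivate-then-delete flow can be scripted with boto3, with the "is it still in use?" check from the note above made explicit. This is an added example, not part of the original article; the 90-day idle threshold, the function names and the user name `example-user` are assumptions.

```python
from datetime import datetime, timedelta, timezone

MAX_IDLE_DAYS = 90  # assumed idle threshold, not a value from the article


def plan_key_action(status, create_date, last_used, now, max_idle_days=MAX_IDLE_DAYS):
    """Return 'keep', 'deactivate' or 'delete' for one access key."""
    # A key that was never used has no LastUsedDate; fall back to its creation date.
    reference = last_used or create_date
    if now - reference < timedelta(days=max_idle_days):
        return "keep"
    # Idle active keys are deactivated first; idle inactive keys are deleted.
    return "deactivate" if status == "Active" else "delete"


def retire_unused_keys(iam, user_name, now=None, dry_run=True):
    """Plan (and, if dry_run is False, apply) an action for each key of user_name."""
    now = now or datetime.now(timezone.utc)
    results = []
    for key in iam.list_access_keys(UserName=user_name)["AccessKeyMetadata"]:
        key_id = key["AccessKeyId"]
        used = iam.get_access_key_last_used(AccessKeyId=key_id)["AccessKeyLastUsed"]
        action = plan_key_action(key["Status"], key["CreateDate"],
                                 used.get("LastUsedDate"), now)
        if not dry_run:
            if action == "deactivate":
                iam.update_access_key(UserName=user_name, AccessKeyId=key_id,
                                      Status="Inactive")
            elif action == "delete":
                iam.delete_access_key(UserName=user_name, AccessKeyId=key_id)
        results.append((key_id, action))
    return results


if __name__ == "__main__":
    import boto3  # needs credentials allowed to read and modify IAM access keys

    # "example-user" is a placeholder user name; the default dry run only reports.
    for key_id, action in retire_unused_keys(boto3.client("iam"), "example-user"):
        print(key_id, action)
```

Run it with the default `dry_run=True` first and review the planned actions before letting it change anything.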
