An IAM user can have an Access Key ID and a Secret Access Key that are then used to perform actions through the AWS CLI or programmatically via the AWS SDKs. Each user is allowed to have 2 access keys at a time.
IAM user access keys that are not being used should be removed. Every unused access key extends the attack surface. These keys grant the same level of access as the user's console credentials, so depending on the permissions the user has been assigned, a key theft or leakage incident may result in a platform-wide compromise.
In this article, we will provide a step-by-step walkthrough of how to remove the Access key for an IAM user in AWS.
Note: Before removing an Access key, make sure it is not currently being used anywhere (check the key's last-used information) so that no application or integration breaks when the key is deleted.
Following are the steps to remove the Access key for an IAM user in AWS:
Log in to the AWS Management Console and navigate to the IAM service
Under Access management on the IAM dashboard, go to Users
On the Users page we can see the list of users and the age of their active Access keys. Select the user from the list whose Access key you want to remove
On the user's Summary page, click on the Security credentials tab
Under the Access keys section, we can see the user's access keys, their status and their last-used information
Click on the Actions drop-down and select the Delete option. If you are not sure whether the Access key is still being used anywhere, deactivate the key first by selecting the Deactivate option, and delete it only once you are sure it is not in use
To delete an active Access key, the console requires the key to be deactivated first. Click on Deactivate
Enter the Access key ID of the key that you want to delete to confirm, then click on the Delete button
The Access key has been successfully deleted for the user
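The same procedure can be scripted with the AWS CLI. The following added example (not part of the article) triages a user's keys from captured CLI output and prints the CLI equivalents of the console actions above: keys that were never used or have been idle longer than a threshold are deactivated first, and only already-inactive keys are deleted. The JSON below is constructed to mirror the output of `aws iam list-access-keys` and `aws iam get-access-key-last-used` (CreateDate omitted); the user name and key IDs are placeholders.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample: shape of `aws iam list-access-keys --user-name alice` output.
LIST_KEYS_JSON = """{"AccessKeyMetadata": [
 {"UserName": "alice", "AccessKeyId": "AKIAEXAMPLE000000001", "Status": "Active"},
 {"UserName": "alice", "AccessKeyId": "AKIAEXAMPLE000000002", "Status": "Active"},
 {"UserName": "alice", "AccessKeyId": "AKIAEXAMPLE000000003", "Status": "Inactive"}]}"""

# Constructed sample: `aws iam get-access-key-last-used --access-key-id <id>` per key.
# A key that was never used has no LastUsedDate and reports ServiceName "N/A".
LAST_USED_JSON = {
    "AKIAEXAMPLE000000001": '{"UserName": "alice", "AccessKeyLastUsed": {"LastUsedDate": '
                            '"2024-03-01T12:00:00+00:00", "ServiceName": "s3", "Region": "us-east-1"}}',
    "AKIAEXAMPLE000000002": '{"UserName": "alice", "AccessKeyLastUsed": '
                            '{"ServiceName": "N/A", "Region": "N/A"}}',
}
NOW = datetime(2024, 4, 1, tzinfo=timezone.utc)  # fixed clock so the run is reproducible

def triage_keys(list_keys_json, last_used_json, now, max_idle_days=90):
    """Return (key_id, action, reason) per key, in the article's order of operations:
    an unused Active key is deactivated first; only an Inactive key is deleted."""
    plan = []
    for meta in json.loads(list_keys_json)["AccessKeyMetadata"]:
        key_id = meta["AccessKeyId"]
        if meta["Status"] == "Inactive":
            plan.append((key_id, "delete", "already inactive"))
            continue
        last_used = json.loads(last_used_json[key_id])["AccessKeyLastUsed"]
        used_at = last_used.get("LastUsedDate")
        if used_at is None:
            plan.append((key_id, "deactivate", "never used"))
        elif now - datetime.fromisoformat(used_at) > timedelta(days=max_idle_days):
            plan.append((key_id, "deactivate", f"idle > {max_idle_days} days"))
        else:
            plan.append((key_id, "keep", f"used {used_at} by {last_used['ServiceName']}"))
    return plan

def cli_commands(user, plan):
    """Render the AWS CLI equivalents of the console actions described in the steps."""
    cmds = []
    for key_id, action, _ in plan:
        if action == "deactivate":
            cmds.append(f"aws iam update-access-key --user-name {user} "
                        f"--access-key-id {key_id} --status Inactive")
        elif action == "delete":
            cmds.append(f"aws iam delete-access-key --user-name {user} --access-key-id {key_id}")
    return cmds
```

Running `cli_commands("alice", triage_keys(LIST_KEYS_JSON, LAST_USED_JSON, NOW))` yields one `update-access-key ... --status Inactive` line for the never-used key and one `delete-access-key` line for the already-inactive key; the recently used key is kept.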