appdefensealliance / ASA-WG


Cloud Profile 2.8.4: errors in Console investigation steps #18

Open rdegraaf-ncc3 opened 2 weeks ago

rdegraaf-ncc3 commented 2 weeks ago

Currently, the steps to investigate Cloud Profile rule 2.8.4 "Ensure access keys are rotated every 90 days or less" are the following:

From Console:

  1. Go to Management Console (https://console.aws.amazon.com/iam)
  2. Click on Users
  3. Click setting icon
  4. Select Console last sign-in
  5. Click Close
  6. Ensure that the Access key age is less than 90 days ago. note) None in the Access key age means the user has not used the access key.

Step 4 is incorrect: it looks like "Console last sign-in" was copied from somewhere else as it is not relevant to access key age. Also, since the UI controls are toggle switches, I suggest re-wording to make it clear that we mean to enable that column, not to toggle it. So step 4 should be something like the following:

  4. Ensure that Active key age is enabled

Additionally, the "note) None in the Access key age means the user has not used the access key." bit in step 6 is poorly formatted and not quite correct. There is no "Access key age" option; the option is "Active key age". AWS Console doesn't put "None" in that column if a key has not been used; if a key exists, then that column gives its age regardless of whether or not it has been used. However, if there is no active access key, then that column contains "-". I suggest replacing step 6 with the following:

  6. Ensure that the Active key age column for every user is either "-" (indicating that there is no active access key) or a value of 90 days or less.
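The same check the comment describes for the Console can be scripted against an IAM credential report, which is how one would verify rule 2.8.4 across many users at once. The following is an added example, not code from the issue or from the ASA-WG profile: it parses a credential report in CSV form, treats each `access_key_N_active` / `access_key_N_last_rotated` pair as one key slot, reports users with no active key (the Console's "-" case) separately, and flags any active key older than 90 days. The column names are those of the real IAM credential report, but the report rows and the fixed clock are constructed for the example, and the equivalence of the report's `last_rotated` timestamp with the Console's "Active key age" is assumed.

```python
import csv
import io
from datetime import datetime, timezone

MAX_KEY_AGE_DAYS = 90

# Constructed sample in the shape of an IAM credential report (only the columns
# needed here; a real report has many more). Not real account data.
SAMPLE_REPORT = """user,arn,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
alice,arn:aws:iam::123456789012:user/alice,true,2024-05-01T12:00:00+00:00,false,N/A
bob,arn:aws:iam::123456789012:user/bob,true,2024-01-10T08:30:00+00:00,true,2024-05-20T09:00:00+00:00
carol,arn:aws:iam::123456789012:user/carol,false,N/A,false,N/A
"""

# Fixed "now" so the example is reproducible; a real run would use datetime.now(timezone.utc).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)


def active_key_ages(row, now):
    """Return {slot_name: age_in_days} for every *active* key of one report row.

    Inactive keys and empty slots ("N/A") are skipped, matching the Console,
    whose "Active key age" column ignores inactive keys.
    """
    ages = {}
    for slot in ("1", "2"):
        if row[f"access_key_{slot}_active"].strip().lower() != "true":
            continue
        rotated = row[f"access_key_{slot}_last_rotated"].strip()
        if rotated == "N/A":
            continue
        rotated_at = datetime.fromisoformat(rotated)
        ages[f"access_key_{slot}"] = (now - rotated_at).days
    return ages


def check_report(report_csv, now=NOW, max_age_days=MAX_KEY_AGE_DAYS):
    """Evaluate rule 2.8.4 for every user in a credential report.

    Result per user: status "no_active_key" (Console shows "-"), "pass"
    (every active key is max_age_days old or younger) or "fail".
    """
    results = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        ages = active_key_ages(row, now)
        if not ages:
            status = "no_active_key"
        elif all(age <= max_age_days for age in ages.values()):
            status = "pass"
        else:
            status = "fail"
        results[row["user"]] = {"status": status, "ages": ages}
    return results


def failing_users(report_csv, now=NOW, max_age_days=MAX_KEY_AGE_DAYS):
    """Names of users with at least one active key older than the limit."""
    return sorted(
        user for user, r in check_report(report_csv, now, max_age_days).items()
        if r["status"] == "fail"
    )


if __name__ == "__main__":
    for user, r in check_report(SAMPLE_REPORT).items():
        print(f"{user:8} {r['status']:14} {r['ages']}")
    print("failing:", failing_users(SAMPLE_REPORT))
```

The per-slot loop is what makes the "-" case come out right: a user whose keys are all inactive or absent ends up with an empty `ages` dict and is reported as having no active key rather than as passing or failing, which is exactly the distinction the proposed step 6 asks the reviewer to make by hand.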