Ensure that the Access key age is less than 90 days ago. note) None in the Access key age means the user has not used the access key.
Step 4 is incorrect: it looks like "Console last sign-in" was copied from somewhere else as it is not relevant to access key age. Also, since the UI controls are toggle switches, I suggest re-wording to make it clear that we mean to enable that column, not to toggle it. So step 4 should be something like the following:
Ensure that Active key age is enabled
Additionally, the "note) None in the Access key age means the user has not used the access key." bit in step 6 is poorly formatted and not quite correct. There is no "Access key age" option; the option is "Active key age". AWS Console doesn't put "None" in that column if a key has not been used; if a key exists, then that column gives its age regardless of whether or not it has been used. However, if there is no active access key, then that column contains "-". I suggest replacing step 6 with the following:
Ensure that the Active key age column for every user is either "-" (indicating that there is no active access key) or a value of 90 days or less.
Currently, the steps to investigate Cloud Profile rule 2.8.4 "Ensure access keys are rotated every 90 days or less" are the following:
Step 4 is incorrect: it looks like "Console last sign-in" was copied from somewhere else as it is not relevant to access key age. Also, since the UI controls are toggle switches, I suggest re-wording to make it clear that we mean to enable that column, not to toggle it. So step 4 should be something like the following:
Additionally, the "note)
None
in theAccess key age
means the user has not used the access key." bit in step 6 is poorly formatted and not quite correct. There is no "Access key age" option; the option is "Active key age". AWS Console doesn't put "None" in that column if a key has not been used; if a key exists, then that column gives its age regardless of whether or not it has been used. However, if there is no active access key, then that column contains "-". I suggest replacing step 6 with the following: