Description
The Disable Unused IAM Access Keys action can be used to disable IAM user access keys that have gone unused. A report can be emailed informing you of the status of the access keys.
Settings
Please see Common Action Settings for a description of settings common to all action types.
User Identification Method
Indicates the method in which users will be selected. Options include:
All users - All users will be checked
By user name - Users which match a comparison will be checked
User Name
Comparison to use when selecting users.
Unused Days
Indicates the number of days an access key should have gone unused before it's disabled.
Report Target
Indicates the method in which the report will be sent.
Target Email
Indicate the target email address to which the reports will be sent. Possible options include:
Primary
Alternates
Alternate Email Addresses
Indicates the alternate email addresses to which the reports will be sent.
Report Format
Specify the format of the report. Possible options include:
Email
HTML file emailed
CSV file emailed
Test Mode
Indicates that Test Mode is enabled. When Test Mode is enabled, access keys will not be disabled.
Amazon Commands Used
The following Amazon AWS commands are used. The access key should have permission to execute all of them.
iam:GetAccessKeyLastUsed
iam:ListAccessKeys
iam:UpdateAccessKey