To all application owners,
Security is the top priority of any organization. To ensure continued success in our drive to design and architect a secure infrastructure, we are implementing a 90-day automatic rotation of all AWS IAM User Access Keys.
Why is this important and how does fixing this help you?
Rotating Identity and Access Management (IAM) credentials periodically will significantly reduce the chances that a compromised set of access keys can be used without your knowledge to access certain components within your AWS account.
What this means for you:
You will need to update your applications every 90 days with the new Access Key pair. The new keys can be found in AWS Secrets Manager, in a secret accessible only by your application’s AWS IAM User. You will have a grace period of 10 days after rotation before old Access Keys are disabled. There will be another 10-day grace period before old Access Keys are deleted. Until they are disabled, old Access Keys can be used to programmatically retrieve the new Access Keys from AWS Secrets Manager.
Enabling this setting will also help you align with the following compliance standards:
• The Center for Internet Security AWS Foundations Benchmark
• APRA
• MAS
• National Institute of Standards and Technology (NIST)
• AWS Well-Architected Framework
AWS IAM Access Key in Violation:
------------------------------------------------------
AWS Partition: {{partition_name}}
AWS Account ID: {{account_id}}
AWS Account Name: {{account_name}}
Time of Detection: {{timestamp}}
Action:
Rotation Period: {{rotation_period}}
Installation Grace Period: {{installation_grace_period}}
Recovery Grace Period: {{recovery_grace_period}}
------------------------------------------------------
{{actions}}
Should you have any questions, please reach out to {{sender_email}}. As always, thank you for continuing to strive for a secure work environment.
Sincerely,
[Department Name Here]