Checks whether disabled AccessKey pairs are deleted for RAM users. If a disabled AccessKey pair exists, the evaluation result is non-compliant.
Scenario
Disabled AccessKey pairs should be deleted promptly to prevent accidental re-enablement or disclosure due to insufficient key management.
Risk level
Default risk level: low.
You can change the risk level when you apply this rule.
Compliance evaluation logic
- If no disabled AccessKey pairs exist for a RAM user, the evaluation result is compliant.
- If a disabled AccessKey pair exists for a RAM user, the evaluation result is non-compliant. For more information about how to correct the non-compliant configuration, see Non-compliance remediation.
Rule details
| Item | Description |
| Rule name | ram-user-invalid-ak-check |
| Rule ID | ram-user-invalid-ak-check |
| Tag | RAM and AK |
| Automatic remediation | Not supported |
| Trigger type | Configuration change |
| Supported resource type | RAM user |
| Input parameter | None |
Non-compliance remediation
Delete the disabled AccessKey pair for the RAM user. For more information, see Delete a RAM user's AccessKey.
该文章对您有帮助吗?