access-keys-rotated
Checks if the active access keys are rotated within the number of days specified in maxAccessKeyAge
. The rule is NON_COMPLIANT if the access keys have not been rotated for more than maxAccessKeyAge
number of days.
This rule requires you to turn on 'Include global resources' in general settings in order for resources to be evaluated.
Re-evaluating this rule within 4 hours of the first evaluation will have no effect on the results.
Identifier: ACCESS_KEYS_ROTATED
Trigger type: Periodic
AWS Region: All supported AWS regions except Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Europe (Spain), Europe (Zurich) Region
Parameters:
- maxAccessKeyAge
- Type: int
- Default: 90
-
Maximum number of days without rotation. Default 90.
AWS CloudFormation template
To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.