access-keys-rotated - AWS Config


Checks if the active access keys are rotated within the number of days specified in maxAccessKeyAge. The rule is NON_COMPLIANT if the access keys have not been rotated for more than maxAccessKeyAge number of days.


This rule requires you to turn on 'Include global resources' in general settings in order for resources to be evaluated.

Re-evaluating this rule within 4 hours of the first evaluation will have no effect on the results.


Trigger type: Periodic

AWS Region: All supported AWS regions except Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Europe (Spain), Europe (Zurich) Region


Type: int
Default: 90

Maximum number of days without rotation. Default 90.

AWS CloudFormation template

To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.