Turbot Guardrails Hub 
Hub
  • Mods
  • Policy Packs
  • Docs
  • Home
ModsPolicy PacksDocsHome
Mods
AWS
Loading policies...

Policy: AWS > IAM > Access Key > Active > Recently Used

The number of days since the AWS IAM access key was last used before it is considered inactive. The Active control determines whether the resource is in active use, and if not, has the ability to delete / cleanup the resource. When running an automated compliance environment, it's common to end up with a wide range of alarms that are difficult and time consuming to clear. The Active control brings automated, well-defined control to this process. The Active control checks the status of all defined Active policies for the resource (AWS > IAM > Access Key > Active > *), raises an alarm, and takes the defined enforcement action. Each Active sub-policy can calculate a status of active, inactive or skipped. Generally, if the resource appears to be Active for any reason it will be considered Active. Note the contrast with Approved, where if the resource appears to be Unapproved for any reason it will be considered Unapproved. See Active for more information.

Targets

This policy targets the following resource types:

  • AWS > IAM > Access Key

Primary Policy

This policy is used with the following primary policy:

  • AWS > IAM > Access Key > Active

Controls

Setting this policy configures this control:

  • AWS > IAM > Access Key > Active

Policy Packs

This policy setting is used by the following policy packs:

  • AWS CIS v3.0.0 - Section 1 - Identity and Access Management

Policy Specification

Schema Type
string
Default
Skip
Valid Values [YAML]
  • Skip

  • Active if recently used <= 1 day

  • Active if recently used <= 3 days

  • Active if recently used <= 7 days

  • Active if recently used <= 14 days

  • Active if recently used <= 30 days

  • Active if recently used <= 45 days

  • Active if recently used <= 60 days

  • Active if recently used <= 90 days

  • Active if recently used <= 180 days

  • Active if recently used <= 365 days

  • Force active if recently used <= 1 day

  • Force active if recently used <= 3 days

  • Force active if recently used <= 7 days

  • Force active if recently used <= 14 days

  • Force active if recently used <= 30 days

  • Force active if recently used <= 45 days

  • Force active if recently used <= 60 days

  • Force active if recently used <= 90 days

  • Force active if recently used <= 180 days

  • Force active if recently used <= 365 days
Examples [YAML]
  • Active if recently used <= 90 days

Category

  • Resource > Active

In Your Workspace

  • Policy Settings by Type report

Developers

    Category URI
    • tmod:@turbot/turbot#/control/categories/resourceActive
    • Policy Type URI
    • tmod:@turbot/aws-iam#/policy/types/accessKeyActiveRecentlyUsed
    • GraphQL
    • query policyType(id: "tmod:@turbot/aws-iam#/policy/types/accessKeyActiveRecentlyUsed") { … }
    • query policySettings(filter: "policyTypeId:'tmod:@turbot/aws-iam#/policy/types/accessKeyActiveRecentlyUsed'") { … }
    • query policyValues(filter: "policyTypeId:'tmod:@turbot/aws-iam#/policy/types/accessKeyActiveRecentlyUsed'") { … }
    • CLI
    • Get Policy Type
    • turbot graphql policy-type --id "tmod:@turbot/aws-iam#/policy/types/accessKeyActiveRecentlyUsed"
      • Get Policy Settings
    • turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/aws-iam#/policy/types/accessKeyActiveRecentlyUsed"
Guardrails
Guardrails Hub
  • Hub
  • Docs
  • Blog
  • Changelog
Products
  • GuardrailsGuardrails
  • PipesPipes
  • SteampipeSteampipe
  • PowerpipePowerpipe
  • FlowpipeFlowpipe
  • TailpipeTailpipe
Turbot
  • Home
  • About us
  • We're hiring!
  • Contact us
Community

Our community of practitioners love to discuss cloud governance & security.

Slack logoJoin us on Slack →

System StatusLegalSecurity
Terms of UseSecurityPrivacy
180
Mods
497
Resource Types
8,691
Policies
3,362
Controls
1,833
Quick Actions
540
IAM