
lacework-global-117

Rotate public SSH keys every 30 days or less

Description

Identity and Access Management (IAM) SSH key pairs enable access to AWS CodeCommit repositories. Best practices recommend regularly rotating SSH public keys to limit your window of exposure for any compromised keys.

Remediation

Perform the following to rotate public SSH keys:

  1. Log in to the AWS Management Console.

  2. Click Services.

  3. Click IAM and select Users.

  4. Open the IAM user of interest and select the Security Credentials tab.

  5. Click Make Inactive for keys that are older than 30 days.

  6. Click Upload SSH public key to upload a new public key created by the IAM user.

  7. After the IAM user tests the change, delete the inactive key.
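To find which keys steps 5 and 7 apply to without clicking through each user, the following added example (not Lacework's or AWS's code) classifies keys from the JSON that `aws iam list-ssh-public-keys --user-name <user>` returns and prints the matching AWS CLI command for review. The sample listing, the user name `alice`, and the key IDs are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=30)  # rotation threshold from this policy

# Constructed sample shaped like `aws iam list-ssh-public-keys --user-name alice`
# output; the user name and key IDs are made up.
SAMPLE_LISTING = json.loads("""
{"SSHPublicKeys": [
  {"UserName": "alice", "SSHPublicKeyId": "APKAEXAMPLEOLD000001",
   "Status": "Active", "UploadDate": "2024-01-15T10:00:00Z"},
  {"UserName": "alice", "SSHPublicKeyId": "APKAEXAMPLENEW000002",
   "Status": "Active", "UploadDate": "2024-03-20T09:30:00+00:00"},
  {"UserName": "alice", "SSHPublicKeyId": "APKAEXAMPLEEDGE00003",
   "Status": "Active", "UploadDate": "2024-03-01T00:00:00Z"},
  {"UserName": "alice", "SSHPublicKeyId": "APKAEXAMPLEOFF000004",
   "Status": "Inactive", "UploadDate": "2023-12-01T00:00:00Z"}
]}
""")

def parse_upload_date(value):
    """Parse the ISO 8601 UploadDate; treat a missing offset as UTC."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def plan_rotation(listing, now):
    """Return one entry per key: its age, an action, and a CLI command to review."""
    plan = []
    for key in listing.get("SSHPublicKeys", []):
        age = now - parse_upload_date(key["UploadDate"])
        target = f"--user-name {key['UserName']} --ssh-public-key-id {key['SSHPublicKeyId']}"
        if key["Status"] == "Inactive":
            # Step 7: delete only after the user has tested the replacement key.
            action, cmd = "delete-after-test", f"aws iam delete-ssh-public-key {target}"
        elif age > MAX_AGE:
            # Step 5: active key older than 30 days.
            action, cmd = "make-inactive", f"aws iam update-ssh-public-key {target} --status Inactive"
        else:
            action, cmd = "keep", None
        plan.append({"id": key["SSHPublicKeyId"], "age_days": age.days,
                     "action": action, "command": cmd})
    return plan

if __name__ == "__main__":
    for entry in plan_rotation(SAMPLE_LISTING, datetime.now(timezone.utc)):
        print(entry["id"], entry["age_days"], entry["action"], entry["command"] or "")
```

A key uploaded exactly 30 days ago is kept, matching the "older than 30 days" wording in step 5.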