iam-user-unused-credentials-check - Amazon Config
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.


Checks if your Amazon Identity and Access Management (IAM) users have passwords or active access keys that have not been used within the specified number of days you provided. The rule is NON_COMPLIANT if there are inactive accounts not recently used.


Re-evaluating this rule within 4 hours of the first evaluation will have no effect on the results.


Trigger type: Periodic

Amazon Web Services Region: All supported Amazon regions except Middle East (UAE) Region


Type: int
Default: 90

Maximum number of days a credential cannot be used. The default value is 90 days.

Amazon CloudFormation template

To create Amazon Config managed rules with Amazon CloudFormation templates, see Creating Amazon Config Managed Rules With Amazon CloudFormation Templates.