You have two options here.
The best is to activate the IAM unused access analyser if you are willing to pay around 50USD monthly for this service.
Basically it will scan constantly all your IAM section and list you warning events like unused roles, unused permissions, unused passwords and what interests us the most here : unused access keys.
- You can event use EventBridge to be notified about that through an email or a Lambda (that could write to your Slack channel for example)
- Or simply add this check to your morning routine at work
Otherwise you can launch this simple bash script I made here : it will list you the active access keys not used from more than 90 days.
You can confidently start to deactivate them, then remove them after a few days.
Top comments (0)