All Products
Search
Document Center

Cloud Config:A RAM user has no more than one valid AccessKey

Last Updated:Jun 23, 2026

A RAM user in the Activated state that has fewer than two AccessKey pairs created for more than the specified number of days is evaluated as Compliant. We recommend that each RAM user maintain only one valid AccessKey pair and hold two only during key rotation.

Scenarios

Regularly clean up and rotate RAM user AccessKey pairs to reduce the risk of leaks.

Risk level

Default risk level: Medium.

You can change the risk level as needed.

Detection logic

  • If a RAM user is in the Activated state and has fewer than two AccessKey pairs created for more than the specified number of days, the evaluation result is Compliant.

  • If a RAM user is not in the Activated state or has two or more AccessKey pairs created for more than the specified number of days, the evaluation result is Non-compliant.

Rule details

Item

Description

Rule name

A RAM user has no more than one valid AccessKey

Rule identifier

ram-user-activated-ak-quantity-check

Tag

AK

Automatic remediation

Not supported

Rule trigger

Configuration change

Supported resource type

RAM user

Input parameters

days. Default value: 30

Remediation

Make sure the RAM user is active and has fewer than two AccessKey pairs. For more information, see Disable an AccessKey for a RAM user.