
A company requires a solution to automatically notify its security team whenever an AWS access key has not been rotated for 90 days or more. The solution should require the least amount of effort to implement. Which of the following solutions would achieve this requirement?
A
Deploy an AWS Config managed rule to run daily, selecting the access-keys-rotated rule and setting maxAccessKeyAge to 90 days. Create an Amazon EventBridge rule that triggers on NON_COMPLIANT findings from AWS Config and sends an Amazon SNS notification to the security team.
B
Create a script to export IAM access key rotation data from AWS Trusted Advisor into a CSV file, and upload the file via an AWS Lambda function to an Amazon S3 bucket. Use Amazon Athena to query the CSV for keys older than 90 days and send an Amazon SNS notification to the security team if any are found.
C
Develop a script to periodically download the IAM credentials report, and run it via an AWS Lambda function scheduled with Amazon EventBridge. The script should filter for keys not rotated in the last 90 days and send an Amazon SNS notification to the security team if any are detected.
D
Create an AWS Lambda function that lists all users via the IAM API and checks each user's access keys using the ListAccessKeys operation. If any key's CreateDate is 90 days or older, the function should send an Amazon SNS notification to the security team. Schedule this function to run daily using Amazon EventBridge.