In the AWS User administration section, I am wanting to remove an old user from groups, however, I am seeing "Programmatic access with active access key - 15 days ago" under his Last Activity column. Does this mean his key could be in use somewhere in our codebase? I'm not seeing any information on what this message means.
If his key is in use, is there a way to find out more information about where it is being used?
CodePudding user response:
When viewing the user in the IAM console, you can view their Access Keys in the Security Credentials tab. This tab will show the Access Key ID, Created, and Last Used. You can use these details to see the ID of the access key and what service and region the key has been used for most recently (with a few minutes' delay). This is also where you can disable the key without deleting it if you want to do some targeted testing to determine what may use the key.
If you have CloudTrail enabled and set up, you can also search using the AWS Access Key attribute, as @jordanm mentioned.
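The CloudTrail search described above can be turned into a "where is this key running" summary. The following is an added example, not part of the original answer: it groups the JSON returned by `aws cloudtrail lookup-events` by source IP, user agent, service and region. The sample events, key IDs, IP addresses and the function name `summarize_key_usage` are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample shaped like the output of:
#   aws cloudtrail lookup-events --output json \
#     --lookup-attributes AttributeKey=AccessKeyId,AttributeValue=<key id>
# Key IDs, IPs (documentation ranges) and user agents are made up.
KEY = "AKIAIOSFODNN7EXAMPLE"

def _event(key, time, source, name, region, ip, agent):
    detail = {"eventTime": time, "eventSource": source, "eventName": name,
              "awsRegion": region, "sourceIPAddress": ip, "userAgent": agent,
              "userIdentity": {"type": "IAMUser", "accessKeyId": key}}
    return {"EventTime": time, "EventName": name, "EventSource": source,
            "AccessKeyId": key, "CloudTrailEvent": json.dumps(detail)}

SAMPLE = json.dumps({"Events": [
    _event(KEY, "2024-05-01T02:00:11Z", "s3.amazonaws.com", "ListBuckets",
           "us-east-1", "198.51.100.7", "Boto3/1.34.0"),
    _event(KEY, "2024-05-02T02:00:09Z", "s3.amazonaws.com", "ListBuckets",
           "us-east-1", "198.51.100.7", "Boto3/1.34.0"),
    _event(KEY, "2024-05-02T14:31:40Z", "ec2.amazonaws.com", "DescribeInstances",
           "eu-west-1", "203.0.113.20", "aws-cli/2.15.0"),
    _event("AKIAI44QH8DHBEXAMPLE", "2024-05-03T09:00:00Z", "iam.amazonaws.com",
           "ListUsers", "us-east-1", "203.0.113.99", "console.amazonaws.com"),
]})

def summarize_key_usage(lookup_json, key_id):
    """Group CloudTrail events for one access key by caller, busiest first."""
    callers, last_seen = Counter(), {}
    for ev in json.loads(lookup_json).get("Events", []):
        if ev.get("AccessKeyId") != key_id:
            continue  # ignore events made with any other key
        detail = json.loads(ev["CloudTrailEvent"])  # full record is a JSON string
        who = (detail.get("sourceIPAddress"), detail.get("userAgent"),
               detail.get("eventSource"), detail.get("awsRegion"))
        callers[who] += 1
        last_seen[who] = max(last_seen.get(who, ""), detail.get("eventTime", ""))
    return [{"source_ip": w[0], "user_agent": w[1], "service": w[2],
             "region": w[3], "calls": n, "last_seen": last_seen[w]}
            for w, n in callers.most_common()]

if __name__ == "__main__":
    for row in summarize_key_usage(SAMPLE, KEY):
        print(row)
```

CloudTrail event history searched this way covers the last 90 days of management events in one region at a time, so repeat the lookup in each region the key may be used in. A recurring source IP and user agent (a nightly job, a CI runner, a developer's CLI) is usually enough to locate the caller before setting the key to Inactive.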