We use service accounts and I'm looking to run this policy only on user accounts that begin with svc_.
The below code will act on all user accounts where the access keys are > 90.
policies:
  - name: iam-user-access-keys-older-than-90days
    description: |
      Retrieve all IAM user accounts whom have active access keys that are
      older than 90days
    resource: iam-user
    filters:
      - type: access-key
        key: Status
        value: Active
      - type: access-key
        match-operator: and
        key: CreateDate
        value: 90
        op: greater-than
        value_type: age
Thank you. I created a separate policy for the service accounts and followed your suggestion of using type, value, and key.
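One way to scope the policy above to the svc_ accounts, as an added example that is not part of the original thread: a `value` filter on `UserName` placed ahead of the page's access-key filters, plus the inverse policy for everyone else. Both policy names are hypothetical, and the exact filter the poster ended up with is not shown on the page.

```yaml
policies:
  # Service accounts only: UserName must start with svc_
  - name: iam-svc-access-keys-older-than-90days   # hypothetical name
    resource: iam-user
    filters:
      - type: value
        key: UserName
        # "regex" matches from the start of the string and ignores case,
        # so SVC_backup would also match; "regex-case" is the
        # case-sensitive operator if only lowercase svc_ should count.
        op: regex
        value: '^svc_.*'
      # Unchanged from the policy in the question
      - type: access-key
        key: Status
        value: Active
      - type: access-key
        match-operator: and
        key: CreateDate
        value: 90
        op: greater-than
        value_type: age

  # Everyone else: same key-age check with the name match negated,
  # so each user falls into exactly one of the two policies.
  - name: iam-human-access-keys-older-than-90days   # hypothetical name
    resource: iam-user
    filters:
      - not:
          - type: value
            key: UserName
            op: regex
            value: '^svc_.*'
      - type: access-key
        key: Status
        value: Active
      - type: access-key
        match-operator: and
        key: CreateDate
        value: 90
        op: greater-than
        value_type: age
```

Running `custodian validate` on the file checks the schema, and `custodian run --dryrun` lists the matched users without executing any actions.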