Why did GuardDuty generate findings for an IAM access key ID that I can't find?

Last updated: 2020-01-31

I received an Amazon GuardDuty finding for an AWS Identity and Access Management (IAM) access key that I don't recognize or can't find in the AWS Management Console.  

Short Description

IAM access key IDs beginning with AKIA are long-term credentials, and access key IDs beginning with ASIA are temporary credentials. ASIA credentials are used with AWS Security Token Service (AWS STS) operations for temporary access to AWS services.

Note: ASIA credentials are not searchable in the AWS Management Console.

Resolution

IAM and AWS STS actions are logged in AWS CloudTrail logs. To verify which user requested the temporary credentials for an ASIA access key, you can view CloudTrail events in the CloudTrail console. For more information, see IAM and AWS STS Information in CloudTrail.

If the temporary access key usage is valid, you can follow the instructions to archive your findings or mark them as current and to provide feedback for your GuardDuty findings.