More
AWS Foundational Security Best Practice
Unused IAM user credentials should be removed
This control checks whether your IAM users have passwords or active access keys that were not used within the previous 90 days.