1. Assessment

  • List IAM users and enumerate their access keys and status
  • Identify IAM users with more than one active access key
  • User: For each affected IAM user, select the single access key to keep active

2. Configuration

  • Deactivate extra access keys for IAM users with multiple active keys
  • Delete deactivated extra access keys after confirmation

3. Validation

  • Validate each IAM user has at most one active access key
  • User: Review access key changes and confirm no required keys were removed

Enforce Single Active Access Key per IAM User

Overview

Enforce a secure, consistent IAM access key posture by ensuring each IAM user has at most one active access key. The plan walks through discovering current access keys, identifying users with multiple active keys, guiding you to decide which key to keep, safely deactivating and deleting extras, and then validating the final state. Throughout, it emphasizes structured inventories, user-reviewed decisions, and clear reporting so you can clean up keys confidently without breaking critical workloads.


Execution Details

Assessment

1. List IAM users and enumerate their access keys and status

Start by building a complete inventory of IAM users and their access keys across all in-scope AWS accounts. This includes:

  • Enumerating all IAM users and collecting key user attributes such as name, ARN, creation time, and relevant tags (e.g., Environment, Application, Owner, CostCenter).
  • Listing every access key per user and capturing key metadata: access key ID, status (Active/Inactive), creation date, and last-used information where available (including service and region context).
  • Storing this full inventory in a structured format for later analysis and decision-making.

2. Identify IAM users with more than one active access key

Next, analyze the inventory to highlight where cleanup is required:

  • For each IAM user, count how many access keys are Active.
  • Identify all users with more than one active key and compile details for each of their active keys, including IDs, creation dates, and last-used data.
  • Optionally note an initial suggestion for which key might be best to retain (for example, the most recently used key), while leaving final choices for you.
  • Produce a structured list of affected users and their active keys for your review.
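The two assessment steps above, as an added Python example that is not part of the original plan: collect_inventory() performs step 1 against a boto3 IAM client (ListUsers, ListAccessKeys, GetAccessKeyLastUsed) and find_multi_key_users() performs step 2 over the resulting rows. The INVENTORY rows are constructed sample data in the same shape, with placeholder key IDs, so the analysis runs offline; the retention suggestion uses the most-recently-used rule the text mentions and is only a suggestion.

```python
"""Assessment helpers: build the access-key inventory (step 1) and flag IAM
users with more than one Active key (step 2).

Added example, not part of the original plan. collect_inventory() expects a
boto3 IAM client; the INVENTORY rows are constructed sample data in the same
shape, with placeholder key IDs.
"""
from collections import defaultdict
from datetime import datetime, timezone

UTC = timezone.utc


def collect_inventory(iam):
    """Step 1: every access key of every user, with last-used metadata.
    `iam` is assumed to be boto3.client("iam") or anything exposing the same
    ListUsers paginator, ListAccessKeys and GetAccessKeyLastUsed calls."""
    rows = []
    for page in iam.get_paginator("list_users").paginate():
        for user in page["Users"]:
            name = user["UserName"]
            for meta in iam.list_access_keys(UserName=name)["AccessKeyMetadata"]:
                last = iam.get_access_key_last_used(AccessKeyId=meta["AccessKeyId"])["AccessKeyLastUsed"]
                rows.append({
                    "UserName": name,
                    "UserArn": user.get("Arn"),
                    "AccessKeyId": meta["AccessKeyId"],
                    "Status": meta["Status"],
                    "CreateDate": meta["CreateDate"],
                    # Never-used keys carry no LastUsedDate, only "N/A" service/region.
                    "LastUsedDate": last.get("LastUsedDate"),
                    "LastUsedService": last.get("ServiceName"),
                    "LastUsedRegion": last.get("Region"),
                })
    return rows


def _row(user, key_id, status, created, last_used=None):
    return {"UserName": user, "AccessKeyId": key_id, "Status": status,
            "CreateDate": datetime(*created, tzinfo=UTC),
            "LastUsedDate": datetime(*last_used, tzinfo=UTC) if last_used else None}


# Constructed sample inventory (what step 1 would have stored); key IDs are fake.
INVENTORY = [
    _row("deploy-bot",   "AKIAEXAMPLE000000001", "Active",   (2022, 1, 10), (2024, 5, 2)),
    _row("deploy-bot",   "AKIAEXAMPLE000000002", "Active",   (2023, 9, 1),  (2024, 6, 30)),
    _row("alice",        "AKIAEXAMPLE000000003", "Active",   (2023, 3, 15), (2024, 6, 29)),
    _row("alice",        "AKIAEXAMPLE000000004", "Inactive", (2021, 7, 1),  (2022, 1, 4)),
    _row("bob",          "AKIAEXAMPLE000000005", "Active",   (2024, 2, 2)),
    _row("carol-legacy", "AKIAEXAMPLE000000006", "Active",   (2021, 5, 5)),
    _row("carol-legacy", "AKIAEXAMPLE000000007", "Active",   (2023, 11, 20)),
]


def active_keys_by_user(inventory):
    """Group only Active keys per user; Inactive keys do not count toward the limit."""
    grouped = defaultdict(list)
    for row in inventory:
        if row["Status"] == "Active":
            grouped[row["UserName"]].append(row)
    return grouped


def suggest_key_to_keep(keys):
    """Initial suggestion only (the reviewer makes the final call in step 3):
    prefer the most recently used key; keys never used rank last; ties are
    broken by the newest CreateDate."""
    never = datetime.min.replace(tzinfo=UTC)
    return max(keys, key=lambda k: (k["LastUsedDate"] or never, k["CreateDate"]))


def find_multi_key_users(inventory):
    """Step 2: users with more than one Active key, with the detail a reviewer
    needs and the suggested key to retain."""
    findings = {}
    for user, keys in active_keys_by_user(inventory).items():
        if len(keys) <= 1:
            continue
        keep = suggest_key_to_keep(keys)
        findings[user] = {
            "active_keys": [
                {"AccessKeyId": k["AccessKeyId"],
                 "CreateDate": k["CreateDate"].date().isoformat(),
                 "LastUsedDate": k["LastUsedDate"].date().isoformat() if k["LastUsedDate"] else "never"}
                for k in sorted(keys, key=lambda k: k["CreateDate"])
            ],
            "suggested_keep": keep["AccessKeyId"],
            "candidates_to_deactivate": [k["AccessKeyId"] for k in keys if k is not keep],
        }
    return findings


if __name__ == "__main__":
    import json
    print(json.dumps(find_multi_key_users(INVENTORY), indent=2))
```

Running the module prints the review list: deploy-bot is flagged with the more recently used key suggested, carol-legacy is flagged with both keys marked "never" used (the suggestion falls back to the newer key, which is exactly the case a reviewer should not accept blindly), and alice is not flagged because her second key is already Inactive.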

3. User: Select the single access key to keep active

You are then guided through deciding which key to keep for each affected user:

  • Review the list of users with multiple active keys, along with each key’s ID, creation date, and usage history.
  • For each user, select exactly one active key to retain based on operational importance and recency of use.
  • Identify any cases where more than one active key must be temporarily kept (e.g., during a migration) and record justification and a target date for resolving these exceptions.
  • Explicitly list which keys should be deactivated and ultimately deleted, and note any users or keys that must be excluded from changes for now.
  • Produce a final decision record mapping each IAM user to: the single key to keep active, the keys to deactivate/delete, and any temporary exceptions.

Configuration

4. Deactivate extra access keys for IAM users with multiple active keys

Apply the decisions in a controlled way by first deactivating, not deleting, extra keys:

  • Retrieve the approved decision record identifying the key to retain and the keys to deactivate for each user.
  • Confirm that each key marked for deactivation is currently Active to avoid unnecessary changes.
  • Update the status of each selected key from Active to Inactive, ensuring the chosen retained key stays Active.
  • Log any keys that cannot be deactivated along with error details and the impacted IAM user.
  • Re-enumerate access keys for affected users to verify that only the selected key remains Active and all others are now Inactive.
  • Produce a configuration summary listing which keys were deactivated and which active key is being kept per user.

5. Delete deactivated extra access keys after confirmation

Once deactivation is confirmed and any grace periods or exception checks are satisfied, permanently remove extra keys:

  • Retrieve the list of deactivated keys that are intended for deletion.
  • Reconfirm that each key is Inactive and not covered by any exception or grace period.
  • Delete each confirmed deactivated key while preserving the retained active key.
  • Record any deletion failures with user, key ID, and error details for follow-up.
  • Re-enumerate keys for all affected users to ensure only intended keys remain.
  • Compile a final deletion log showing, per user, which keys were deleted, which key remains active, and any keys still pending deletion due to issues.

Validation

6. Validate each IAM user has at most one active access key

After cleanup, verify that the environment now complies with the policy:

  • Re-enumerate access keys for all in-scope IAM users.
  • Count active keys per user and confirm each has at most one active key, flagging any non-compliant users.
  • For a sample of users whose keys were changed, compare the remaining active key ID against the decision record to ensure the correct key was retained.
  • Produce a validation report summarizing compliance: how many users have exactly one active key, how many have zero, and listing any remaining users with multiple active keys along with recommended remediation steps.
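Steps 4 through 6 above, as one added Python example that is not part of the original plan: deactivate_extras() applies the decision record with the pre-checks listed in step 4, delete_deactivated() reconfirms Inactive status and exceptions before deleting as in step 5, and validate() produces the step 6 compliance report. FakeIam is a constructed in-memory stand-in for the three IAM calls used (ListAccessKeys, UpdateAccessKey, DeleteAccessKey) with boto3's argument and response shapes, so the workflow runs offline; a real boto3.client("iam") can be passed instead. User names, key IDs and the DECISIONS record are placeholders.

```python
"""Configuration and validation helpers for the access-key cleanup: deactivate
extras from the approved decision record (step 4), delete them after
reconfirmation (step 5), and verify the end state (step 6).

Added example, not part of the original plan. FakeIam is a constructed
in-memory stand-in exposing the three IAM calls used, with boto3's argument and
response shapes, so the workflow runs offline; pass boto3.client("iam") instead
for a real account. All user names and key IDs are placeholders.
"""
from datetime import datetime, timezone


class FakeIam:
    """Constructed stand-in; the key ending in 099 simulates an API failure on delete."""
    def __init__(self, keys):
        self._keys = {kid: {"UserName": u, "AccessKeyId": kid, "Status": s} for u, kid, s in keys}

    def list_access_keys(self, UserName):
        return {"AccessKeyMetadata": [dict(k) for k in self._keys.values() if k["UserName"] == UserName]}

    def update_access_key(self, UserName, AccessKeyId, Status):
        self._keys[AccessKeyId]["Status"] = Status

    def delete_access_key(self, UserName, AccessKeyId):
        if AccessKeyId.endswith("099"):
            raise RuntimeError("simulated DeleteAccessKey failure")
        del self._keys[AccessKeyId]


def make_fake_iam():
    """Constructed account state before cleanup."""
    return FakeIam([("deploy-bot", "AKIAEXAMPLE000000001", "Active"),
                    ("deploy-bot", "AKIAEXAMPLE000000002", "Active"),
                    ("carol-legacy", "AKIAEXAMPLE000000006", "Active"),
                    ("carol-legacy", "AKIAEXAMPLE000000007", "Active"),
                    ("migrating-svc", "AKIAEXAMPLE000000010", "Active"),
                    ("migrating-svc", "AKIAEXAMPLE000000011", "Active"),
                    ("ops-admin", "AKIAEXAMPLE000000008", "Active"),
                    ("ops-admin", "AKIAEXAMPLE000000099", "Active"),
                    ("bob", "AKIAEXAMPLE000000005", "Active")])


# Constructed step-3 decision record: the key to keep, keys to remove, and any
# dated exception during which both keys must stay active.
DECISIONS = {
    "deploy-bot":    {"keep": "AKIAEXAMPLE000000002", "remove": ["AKIAEXAMPLE000000001"], "exception_until": None},
    "carol-legacy":  {"keep": "AKIAEXAMPLE000000007", "remove": ["AKIAEXAMPLE000000006"], "exception_until": None},
    "ops-admin":     {"keep": "AKIAEXAMPLE000000008", "remove": ["AKIAEXAMPLE000000099"], "exception_until": None},
    "migrating-svc": {"keep": "AKIAEXAMPLE000000011", "remove": ["AKIAEXAMPLE000000010"],
                      "exception_until": datetime(2099, 1, 1, tzinfo=timezone.utc)},
}


def key_status(iam, user):
    """Re-enumerate one user's keys: {AccessKeyId: Status}."""
    return {k["AccessKeyId"]: k["Status"] for k in iam.list_access_keys(UserName=user)["AccessKeyMetadata"]}


def under_exception(decision, now):
    until = decision.get("exception_until")
    return until is not None and now < until


def deactivate_extras(iam, decisions, now):
    """Step 4: set extras to Inactive (reversible), never touching the kept key,
    then re-check that exactly the kept key remains Active."""
    log = {"deactivated": [], "skipped": [], "failed": [], "unexpected_state": []}
    for user, d in decisions.items():
        if under_exception(d, now):
            log["skipped"].append((user, None, "exception in force"))
            continue
        before = key_status(iam, user)
        for kid in d["remove"]:
            if kid == d["keep"]:
                log["skipped"].append((user, kid, "marked both keep and remove"))
            elif before.get(kid) != "Active":
                log["skipped"].append((user, kid, "not Active"))
            else:
                try:
                    iam.update_access_key(UserName=user, AccessKeyId=kid, Status="Inactive")
                    log["deactivated"].append((user, kid))
                except Exception as exc:  # boto3 raises botocore ClientError here
                    log["failed"].append((user, kid, str(exc)))
        active = {k for k, s in key_status(iam, user).items() if s == "Active"}
        if active != {d["keep"]}:
            log["unexpected_state"].append((user, sorted(active)))
    return log


def delete_deactivated(iam, decisions, now):
    """Step 5: delete only keys that are already Inactive and not under an exception."""
    log = {"deleted": [], "pending": [], "failed": []}
    for user, d in decisions.items():
        status = key_status(iam, user)
        for kid in d["remove"]:
            if kid == d["keep"] or under_exception(d, now) or status.get(kid) != "Inactive":
                log["pending"].append((user, kid))
                continue
            try:
                iam.delete_access_key(UserName=user, AccessKeyId=kid)
                log["deleted"].append((user, kid))
            except Exception as exc:
                log["failed"].append((user, kid, str(exc)))
    return log


def validate(iam, users, decisions=None):
    """Step 6: at most one Active key per user, and the kept key matches the record."""
    report = {"one_active": [], "zero_active": [], "violations": {}, "wrong_key_kept": []}
    for user in users:
        active = sorted(k for k, s in key_status(iam, user).items() if s == "Active")
        if len(active) > 1:
            report["violations"][user] = active
        elif not active:
            report["zero_active"].append(user)
        else:
            report["one_active"].append(user)
            if decisions and user in decisions and active[0] != decisions[user]["keep"]:
                report["wrong_key_kept"].append((user, active[0]))
    return report
```

Run the three functions in order with the same `now`, leaving the grace period between the first two. Deactivation is the rollback point: an Inactive key can be re-enabled with the same UpdateAccessKey call and Status="Active", whereas deletion is irreversible, which is why delete_deactivated() refuses anything not already Inactive and why a failed delete is logged as pending rather than retried blindly. In the sample data, migrating-svc is skipped at every step because its exception is still in force and therefore shows up in the validation report as the one remaining violation, and the simulated delete failure for ops-admin is recorded with the user, key ID and error text for follow-up.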

7. User: Review access key changes and confirm no required keys were removed

Finally, you review the results to validate that operations remain unaffected:

  • Receive a summary of access key changes per user, including which keys were deactivated, which were deleted, and which key remains active (if any).
  • Focus review on privileged or sensitive IAM users (such as administrators and automation accounts) to verify that required keys were not removed.
  • Document any issues discovered (for example, broken automations due to removed keys) along with the affected user, key, and impact.
  • Outline remediation steps where needed (such as issuing new keys and updating dependent systems) and track these outside the enforcement workflow.
  • Provide final confirmation that the access key cleanup is acceptable, or record remaining concerns and outstanding remediation items.