Your development team uses access keys in their local PCs to develop an application with access to S3 and DynamoDB. A new security policy has been outlined that the credentials that are nearing the 2 months expiry period should be rotated. Which of the following options is the most suitable?

Answer options:

A.Use the application to rotate the keys every 2 months via the console.
B.Use a Cron job to query the date the keys are created. If the keys are nearing the 2 months expiry period, delete them and recreate new keys.
C.Delete the user associated with the keys after every 2 months. Then recreate the user again.
D.Delete the IAM Role associated with the keys after every 2 months. Then recreate the IAM Role again.

Answer - B
One can use the CLI command list-access-keys to get the access keys. This command also returns the "CreateDate" of the keys. If the CreateDate is older than 2 months, the keys can be deleted and recreated.
The list-access-keys CLI command returns information about the access key IDs associated with the specified IAM user. If there are none, the action returns an empty list.
For more information on the CLI command, please refer to the below link:
http://docs.aws.amazon.com/cli/latest/reference/iam/list-access-keys.html