Your development team needs to use AWS access keys to develop an application with access to S3 and DynamoDB. A new security policy has outlined that the access keys should be rotated when nearing 2 months. How can you achieve this?

Answer options:

A.Enable the automatic key rotation option for the access keys.
B.Use a script to query the creation date of the keys. If nearing 2 months, create a new access key and update the application to use it, inactivate the old key and delete it.
C.In the AWS Console, delete the user associated with the keys after every 2 months. Then recreate the user again.
D.Delete the IAM Role associated with the keys after every 2 months. Then recreate the IAM Role again.

Answer – B
One can use the CLI command list-access-keys to get the access keys. This command also returns the "CreateDate" of the keys. If the CreateDate is older than 2 months, the keys can be deleted.
The Returns list-access-keys CLI command returns information about the access key IDs associated with the specified IAM user. If there are none, the action returns an empty list.
Option A is incorrect because access keys do not have the key rotation feature.
Option C is incorrect because this is a manual approach that should not be used.
Option D is incorrect because an IAM role is not used in this scenario.
For more information on the CLI command, please refer to the below Link:
http://docs.aws.amazon.com/cli/latest/reference/iam/list-access-keys.html