
A 2018 Access Key. Still Active in Production. Here's the Python Script That Found It Across an Entire AWS Organization.
A few weeks ago I sat down to review the IAM state of a multi-account AWS Organization. It wasn't a formal audit with weeks of planning. It was the simple question every Cloud Security Engineer should be able to answer at any time: who has access, with what credentials, and since when?

The answer surprised me. Not because it was hard to find — but because of how easy it was to automate, and what came to light when I did.

The Context

Organizations that have been running on AWS for years accumulate security debt without realizing it. They start with one account, then two, then a team requests its own environment, another project comes along, and suddenly you have an AWS Organization with dozens of accounts, each with its own IAM history.

The problem isn't scale — it's visibility. Or rather, the lack of it. In multi-account environments, nobody has a consolidated view of who has what access. Infrastructure teams know what they deployed. Development teams know what they needed at the time.
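The check behind the question "who has access, with what credentials, and since when?", written here as an added example and not the author's script: `stale_active_keys` flags Active IAM access keys by creation age and last use over constructed sample records, and `collect_keys` shows one assumed way to gather those records per member account (the audit role name, the `Account` field and the thresholds are assumptions, not from the post).

```python
from datetime import datetime, timezone

def utc_date(s):
    """Parse an ISO date string into an aware UTC datetime (None stays None)."""
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc) if s else None

def _rec(account, user, key_id, status, created, last_used=None):
    """One record in the shape a collector builds from iam.list_access_keys() plus
    iam.get_access_key_last_used(); the "Account" field is added by the collector."""
    return {"Account": account, "UserName": user, "AccessKeyId": key_id, "Status": status,
            "CreateDate": utc_date(created), "LastUsedDate": utc_date(last_used)}

SAMPLE_KEYS = [  # constructed sample data, not real accounts or key IDs
    _rec("111111111111", "ci-deploy", "AKIA_EXAMPLE_1", "Active", "2018-06-01", "2024-05-20"),
    _rec("111111111111", "alice", "AKIA_EXAMPLE_2", "Active", "2024-01-15"),  # never used
    _rec("111111111111", "bob", "AKIA_EXAMPLE_3", "Active", "2024-04-01", "2024-05-30"),
    _rec("222222222222", "legacy-svc", "AKIA_EXAMPLE_4", "Inactive", "2017-01-01", "2019-01-01"),
]

def stale_active_keys(keys, now=None, max_age_days=90, max_idle_days=90):
    """Return (account, user, key_id, reasons) for each Active key older than max_age_days
    or unused for max_idle_days. Inactive keys cannot authenticate, so they are skipped."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for k in keys:
        if k["Status"] != "Active":
            continue
        age = (now - k["CreateDate"]).days
        last = k["LastUsedDate"]
        idle = (now - last).days if last else age  # never used: idle since creation
        reasons = [r for hit, r in ((age > max_age_days, f"created {age}d ago"),
                                    (idle > max_idle_days, f"unused for {idle}d")) if hit]
        if reasons:
            findings.append((k["Account"], k["UserName"], k["AccessKeyId"], reasons))
    return findings

def collect_keys(account_id, audit_role):
    """Assumed collector for one member account: assume an audit role via STS, then walk
    every IAM user's keys. Needs boto3 and credentials, so it only runs when called."""
    import boto3
    c = boto3.client("sts").assume_role(RoleArn=f"arn:aws:iam::{account_id}:role/{audit_role}",
                                        RoleSessionName="access-key-audit")["Credentials"]
    iam = boto3.client("iam", aws_access_key_id=c["AccessKeyId"],
                       aws_secret_access_key=c["SecretAccessKey"], aws_session_token=c["SessionToken"])
    for page in iam.get_paginator("list_users").paginate():
        for user in page["Users"]:
            for k in iam.list_access_keys(UserName=user["UserName"])["AccessKeyMetadata"]:
                used = iam.get_access_key_last_used(AccessKeyId=k["AccessKeyId"])
                yield {"Account": account_id, **k, "LastUsedDate": used["AccessKeyLastUsed"].get("LastUsedDate")}
```

Running `stale_active_keys` over the records that `collect_keys` yields for every account in the Organization gives the consolidated view the post says nobody has; the sample data reproduces the post's headline case, a 2018 key that is still Active.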
Continue reading on Dev.to


