A security engineer received a notification that an administrative user account may have been compromised. The engineer wants to immediately rotate the access key for the user whilst ensuring that applications that use the access key are not affected. What is the BEST approach in this situation?