How to update AWS credentials in Elastic Beanstalk environment variables when changing IAM user keys?

Question

How do I update the IAM security credentials in the environmental variables in an Elastic Beanstalk application?

In my application I'm getting the following error sending a message to the AWS SQS queue. 403 (Forbidden) bundle.js:27819 Error: The security token included in the request is invalid.

I changed my IAM credentials so I'm assuming I need to update the environmental variables in my Elastic Beanstalk application, and I'm assuming this is the reason for the above error.

I tried to update the security credentials in the environmental variables in my Elastic Beanstalk application by running aws configure. If I'm understanding correctly it has updated the credentials file in my .aws folder. But I don't think it updated the security credentials in the environmental variables in my AWS Elastic Beanstalk application. How to do this?

Thanks!

Answer 1

I tried to update the security credentials in the environmental variables in my Elastic Beanstalk application by running aws configure.

That is incorrect assumption, aws configure updates only .aws contents, which has nothing to do with ElasticBeanstalk environment variables.

If you need to update EB environment variables, then you need to use this command

eb setenv key=value

BUT, and this is a huge but, never store your credentials in a place such as remote instance. That is not how you are supposed to give permissions to your applications. Of course you can do that using environment variables but that is a huge security risk. You should create appropriate role and attach it to your EB environment instead. That way you don't need to manage your credentials and give your application all the permission it needs.