Reputation: 1051
Automatic rotation of AWS access keys
I am looking for ways to automate the rotation of access keys (AWS credentials) for a set of users. There is a seperate process that creates the Access Keys. I need to be able to rotate the keys in an automated way. This link explains a way to do this for a specific user. How would I be able to achieve this for a list of users. Any thoughts or recommendations?
Upvotes: 0
Views: 4216
Answers (2)
Reputation: 1623
Access keys are generally used for programmatic access by applications. If these applications are running in, says EC2, you should use roles for EC2. This will install temporary credentials on the instance that are automatically rotated for you. The AWS CLI and SDKs know how to automatically retrieve these credentials so you don't need to add them in the application either.
Other compute solutions (Lambda, ECS/EKS) also have ways to provision roles for applications.
Upvotes: 0
Reputation: 3365
You can use AWS Config to mark the old access keys non-compliant (https://docs.aws.amazon.com/config/latest/developerguide/access-keys-rotated.html) and then use CloudWatch Events (my article how to do this) to run a Lambda function that deletes the old key, creates a new one, then send it to the user.
Upvotes: 2
Related Questions
- How do I grant a rotation Lambda access to AWS Secrets Manager
- Best method to renew periodically your AWS access keys
- Secrets Rotation using AWS Lambda and the AWS SDK for Java
- Alternatives of/Configuring AWS secrets manager
- Auto Rotation of Secret Key and Access Key in AWS using Lambda
- How to manage AWS Secret Keys for local development
- Is it possible to Store AWS API gateway API keys in secret manager and rotate them
- AWS Secrets Manager rotation for RDS credentials
- AWS Access Key Rotation
- How to rotate IAM user access keys