Changing access keys (which consist of an access key ID and a secret access key) on a regular schedule is a well-known security best practice because it shortens the period an access key is active and therefore reduces the business impact if it is compromised. Having an established process that is run regularly also ensures the operational steps around key rotation are verified, so changing a key is never a scary step.

In an earlier post, we described Identity and Access Management (IAM) roles for Amazon EC2. If you run applications on EC2 that need access to AWS services, we strongly recommend using this feature. Roles use temporary security credentials that auto-expire and auto-renew, so you don’t have to worry about access key rotation – AWS does it for you. However, if you are running applications somewhere other than on EC2, you should add access key rotation to your application management process. In this post, Cristian Ilac, software development manager on the IAM team, will walk you through the steps to rotate access keys for an IAM user.

To rotate access keys, you should follow these steps:

1. Create a second access key in addition to the one in use.
2. Update all your applications to use the new access key and validate that the applications are working.
3. Change the state of the previous access key to inactive.
4. Validate that your applications are still working as expected.

Here’s an example of the key rotation steps listed above.
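As an added illustration (not the original post's example, and not AWS code), the Python helper below reads the JSON shape printed by `aws iam list-access-keys` for one user and reports which of the four rotation steps comes next. The 90-day interval, the 24-hour quiet period, the `last_used` input and the sample key IDs are assumptions made for this sketch.

```python
import json
from datetime import datetime, timedelta

MAX_AGE = timedelta(days=90)  # assumed rotation interval; the post does not name one
QUIET = timedelta(hours=24)   # assumed: old key must be unused this long before step 3

# Constructed sample in the shape of `aws iam list-access-keys` output (IDs are fake).
SAMPLE = json.loads("""{"AccessKeyMetadata": [
 {"UserName": "app-user", "AccessKeyId": "AKIAOLDEXAMPLE000001",
  "Status": "Active", "CreateDate": "2024-01-10T09:00:00Z"},
 {"UserName": "app-user", "AccessKeyId": "AKIANEWEXAMPLE000002",
  "Status": "Active", "CreateDate": "2024-05-02T09:00:00Z"}]}""")

def parse_ts(text):
    """Parse the ISO 8601 UTC timestamps the AWS CLI prints."""
    return datetime.fromisoformat(text.replace("Z", "+00:00"))

def next_step(listing, now, last_used=None):
    """Return (step, advice); steps 1-4 follow the post's list, 0 means nothing is due.

    last_used is a hypothetical dict of AccessKeyId -> timestamp string, e.g.
    gathered per key with `aws iam get-access-key-last-used`. A key missing
    from the dict is treated as never used; None means no data was collected.
    """
    keys = sorted(listing["AccessKeyMetadata"], key=lambda k: parse_ts(k["CreateDate"]))
    active = [k for k in keys if k["Status"] == "Active"]
    inactive = [k for k in keys if k["Status"] == "Inactive"]
    if not active:
        return 0, "no active access key"
    if len(active) == 2:
        old = active[0]["AccessKeyId"]  # oldest first after the sort
        if last_used is None:
            return 2, f"no last-used data; confirm applications no longer use {old}"
        seen = last_used.get(old)
        if seen and now - parse_ts(seen) < QUIET:
            return 2, f"{old} was used recently; finish moving applications to the new key"
        return 3, f"change the state of {old} to Inactive"
    current = active[0]
    if any(parse_ts(k["CreateDate"]) < parse_ts(current["CreateDate"]) for k in inactive):
        return 4, "previous key is Inactive; validate that applications still work"
    if now - parse_ts(current["CreateDate"]) > MAX_AGE:
        return 1, f"{current['AccessKeyId']} is overdue; create a second access key"
    return 0, "key is within the rotation interval"
```

Run on a schedule against each IAM user's key listing, a check like this keeps a half-finished rotation (two active keys, or an old key left inactive but never validated) from going unnoticed.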