TechQA.

Rotate IAM user access keys without code change in client

661 views Asked by At

I have a scenario where I have created an IAM user for customer's application for access of API gateway and have shared the user keys (access-code and secret-key) with them. I need to rotate the keys for them every 90 days but since the access keys for IAM user are configured in the code, I need to convey the changed access keys so that they can make the code changes/configuration changes in the application, test and deploy the application again. This adds an overhead to communicate the changes every 90 days both for me and the customer.

I want to follow key rotation without needing to change the code (codebase/configuration). How can it be achieved?

Is there a better way to provide access to customer's application?

Thanks.

amazon-web-services amazon-iam access-keys key-rotation
Original Q&A
1

There are 1 answers

3
John Rotenstein On

Assuming that your client is using an AWS SDK to communicate with AWS, then they should:

  • Remove the credentials from their code
  • Create a ~.aws/credentials file to store the credentials

Tip: An easy way to create the credentials file is via the AWS Command-Line Interface (CLI) aws configure command.

Then, you could rotate credentials with these steps:

  • Generate a second Access Key/Secret Key and communicate it to the client
  • They replace the credentials in the credentials file and tell you that this is done
  • You disable/delete the original Access Key

Related Questions in AMAZON-WEB-SERVICES

Related Questions in AMAZON-IAM

Related Questions in ACCESS-KEYS

Related Questions in KEY-ROTATION

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions