Learn a best practice for rotating access keys for Identity and Access Management (IAM) users. The methodology will be described in detail, then illustrated through a combination of the AWS Web Console and the AWS Command Line Interface (CLI). This will help you understand why it is important to be able to inactivate an access key prior to its permanent removal.
- [Instructor] Rotating user access keys is one of those periodic maintenance tasks that you need to be on top of. Similar to rotating passwords, key rotation is a best practice. It is almost certainly something to be examined during a security audit. The following process is a safe method for rotating access keys. Starting with an understanding of where access keys are being used, the first step is to create a new access key. This can be done via the web console, command line interface or API.
In the configuration file of the application, using the access key or wherever the current access keys are being used, you need to replace them with the newly generated secret and key. Then perform a regression test using the newly created access key. Once you have confirmed functional continuity, you can proceed to inactivate the old key. You may want to keep the old key around for a while just in case you discover a mission-critical use case which was not accounted for. Once you are comfortable that the old access key is…
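The rotation sequence described in the transcript above, sketched with the AWS CLI as an added example that is not part of the course material. It assumes a configured AWS CLI with IAM permissions; the function names are illustrative and the user name and key IDs are placeholders.

```shell
#!/usr/bin/env bash
# Added example: staged IAM access key rotation (create, verify, inactivate, delete).
# Assumption: the AWS CLI is installed and configured; USER and KEY_ID are placeholders.

# Before rotating: see when and where the old key was last used.
last_used() {  # usage: last_used OLD_KEY_ID
  aws iam get-access-key-last-used --access-key-id "$1" \
    --query 'AccessKeyLastUsed.[LastUsedDate,ServiceName,Region]' --output text
}

# Step 1: create the new key. The secret is shown only once, so send the
# output straight to the application's configuration or secrets store.
create_new_key() {  # usage: create_new_key USER
  aws iam create-access-key --user-name "$1" \
    --query 'AccessKey.[AccessKeyId,SecretAccessKey]' --output text
}

# Step 2 (after the regression test passes): inactivate the old key.
# An inactive key is rejected by AWS but can still be switched back on.
deactivate_key() {  # usage: deactivate_key USER OLD_KEY_ID
  aws iam update-access-key --user-name "$1" --access-key-id "$2" --status Inactive
}

# Rollback: re-enable the old key if an overlooked consumer breaks.
reactivate_key() {  # usage: reactivate_key USER OLD_KEY_ID
  aws iam update-access-key --user-name "$1" --access-key-id "$2" --status Active
}

# Final step: permanent removal, refused unless the key is already Inactive,
# so a key can never be deleted without passing through the safety window.
delete_if_inactive() {  # usage: delete_if_inactive USER OLD_KEY_ID
  key_status=$(aws iam list-access-keys --user-name "$1" \
    --query "AccessKeyMetadata[?AccessKeyId=='$2'].Status" --output text)
  if [ "$key_status" != "Inactive" ]; then
    echo "refusing to delete $2: status is '${key_status:-not found}'" >&2
    return 1
  fi
  aws iam delete-access-key --user-name "$1" --access-key-id "$2"
}

# Typical order (placeholders in angle brackets):
#   last_used <OLD_KEY_ID>
#   create_new_key <USER>          # update the application, run regression tests
#   deactivate_key <USER> <OLD_KEY_ID>
#   delete_if_inactive <USER> <OLD_KEY_ID>   # after the waiting period
```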
Sharif Nijim couples pragmatic advice with practical examples that educate IT pros on how to create a secure infrastructure within Amazon Web Services. Sharif explores the shared responsibility model of security, which splits duties between your company and AWS, and introduces key identity and access management concepts, including users, groups, roles, and policies. Learn how to configure Identity and Access Management (IAM) and Simple Storage Service (S3) access management, including policies and access control lists. At the end of the course, Sharif helps you prepare for the inevitable audit of your AWS account(s).
This course is also part of a series designed to help you prepare for the AWS Certified SysOps Administrator – Associate certification exam.
- The AWS shared responsibility model and security landscape
- Enabling CloudTrail
- Configuring AWS Identity and Access Management (IAM)
- Configuring IAM users, groups, and policies
- Granting temporary access
- Controlling access to Simple Storage Service (S3)
- Preparing for security audits
- Getting audit help from Trusted Advisor