
How To Rotate AWS IAM Access Keys

Derek Hutson
3 min read · Jan 9, 2023

The manual way, but automated is preferred.


As a security best practice, AWS recommends that you regularly rotate IAM user access keys. Regularly rotating long-term credentials helps you familiarize yourself with the process, and provides you with better security because access keys inherit the same permissions as the IAM user they are attached to.

Ideally, you would automate this process using something like AWS KMS (Key Management Service), where your keys are automatically rotated every 365 days (approximately). However, there may be times when you need to do this manually, for example if an employee leaves your company.

There are 3 ways you can do this. Today we will use the CLI, as it is generally the quickest and most efficient way to manage AWS resources and users.

Assuming you have your CLI configured as an admin user, we can look at an example of rotating the keys for a user named student1.

1. We will first run the following command to see what keys student1 has:

aws iam list-access-keys --user-name student1

This is the output we get:

2. We will now create a second access key to replace the old one:

aws iam create-access-key --user-name student1
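
As an added example (not part of the original article), this shell function reads the key list from step 1 and reports whether step 2 can go ahead, which matters because IAM allows at most two access keys per user. It also covers the later deactivation step, which goes beyond the two steps shown here. The function names, output words, sample row and cutoff date are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Input rows come from:
#   aws iam list-access-keys --user-name student1 --output text \
#     --query 'AccessKeyMetadata[].[AccessKeyId,Status,CreateDate]'
# Usage: rotation_plan CUTOFF < rows   (CUTOFF is YYYY-MM-DD, UTC)
# Prints one of (labels invented for this sketch):
#   OK               no active key is older than the cutoff
#   CREATE           a stale key exists and a slot is free (step 2 above)
#   DEACTIVATE <id>  a newer active key already exists; once clients use it,
#                    mark the old one Inactive (aws iam update-access-key)
#   BLOCKED          both slots are taken and neither key is a fresh active
#                    one; free a slot first (aws iam delete-access-key)
rotation_plan() {
  cutoff=$(printf '%s' "$1" | tr -d '-')      # YYYY-MM-DD -> YYYYMMDD
  total=0; fresh=0; stale_ids=""
  while read -r key_id status created; do
    [ -n "$key_id" ] || continue
    total=$((total + 1))
    [ "$status" = "Active" ] || continue      # Inactive keys only occupy a slot
    day=$(printf '%s' "${created%%T*}" | tr -d '-')
    if [ "$day" -lt "$cutoff" ]; then
      stale_ids="$stale_ids $key_id"
    else
      fresh=$((fresh + 1))
    fi
  done
  if [ -z "$stale_ids" ]; then
    echo "OK"
  elif [ "$fresh" -gt 0 ]; then
    echo "DEACTIVATE$stale_ids"
  elif [ "$total" -ge 2 ]; then
    echo "BLOCKED"
  else
    echo "CREATE"
  fi
}

# Constructed sample row; the key ID is a placeholder, not a real key.
sample_rows() {
  printf 'AKIAEXAMPLEOLD\tActive\t2022-01-09T18:22:41+00:00\n'
}

sample_rows | rotation_plan 2022-10-11
```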
