AWS Security Blog
Tag: Access keys
How to quickly find and update your access keys, password, and MFA setting using the AWS Management Console
August 10, 2022: This blog post has been updated to reflect the new name of AWS Single Sign-On (SSO) – AWS IAM Identity Center. Read more about the name change here. You can now more quickly view and update all your security credentials from one place using the “My Security Credentials” page in the AWS […]
The Top 20 Most Viewed AWS IAM Documentation Pages in 2017
The following 20 pages were the most viewed AWS Identity and Access Management (IAM) documentation pages in 2017. I have included a brief description with each link to explain what each page covers. Use this list to see what other AWS customers have been viewing and perhaps to pique your own interest in a topic you’ve […]
New Information in the AWS IAM Console Helps You Follow IAM Best Practices
Today, we added new information to the Users section of the AWS Identity and Access Management (IAM) console to make it easier for you to follow IAM best practices. With this new information, you can more easily monitor users’ activity in your AWS account and identify access keys and passwords that you should rotate regularly. You can […]
Getting Started: Follow Security Best Practices as You Configure Your AWS Resources
After you create your first AWS account, you might be tempted to start immediately addressing the issue that brought you to AWS. For example, you might set up your first website, spin up a virtual server, or create your first storage solution. However, AWS recommends that first, you follow some security best practices to help […]
Introducing IAM Console Search
We continually review your input submitted via the Feedback link on the AWS Identity and Access Management (IAM) console. Based on our recent review of that feedback, one of the features most frequently requested by you is the ability to search for an IAM user with their associated access key ID. To address this request […]
Use AWS Services to Adhere to Security Best Practices—Minus the Inordinate Time Investment
As security professionals, it is our job to be sure that our decisions adhere to best practices. Best practices, though, tend to be time consuming, which means we either don’t get around to following best practices, or we spend too much time on tedious, manual tasks. This blog post includes two examples where AWS services […]
New in IAM: Quickly Identify When an Access Key Was Last Used
Rotate access keys regularly and remove inactive users. You’ve probably heard us mention these as two AWS Identity and Access Management (IAM) security best practices. But how do you know when access keys (for an IAM user or the root account) are no longer in use and safe to delete? To help you answer this […]
An Easier Way to Determine the Presence of AWS Account Access Keys
Last month, the AWS Security Blog encouraged you to adhere to AWS Identity and Access Management (IAM) best practices. One of these best practices is to lock away your AWS account (root) access keys and password, and not use them for day-to-day interaction with AWS. In fact, when it comes to your root account access […]
A New and Standardized Way to Manage Credentials in the AWS SDKs
One of the advantages of using the AWS SDKs for programmatic access to AWS is that the SDKs handle the task of signing requests. All you have to do is provide AWS credentials (access key id and secret access key), and when you invoke a method that makes a call to AWS, the SDK translates […]
Want Help with Securing Your AWS Account? Here Are Some Resources
Some customers have asked how they should be using AWS Identity and Access Management (IAM) to help limit their exposure to problems like those that have recently been in the news. In general, AWS recommends that you enable multi-factor authentication (MFA) for your AWS account and for IAM users who are allowed to perform sensitive […]