You can create a maximum of two AccessKey pairs for each RAM user. If you have used an AccessKey pair for more than three months, we recommend that you rotate the AccessKey pair in a timely manner. This reduces the probability of AccessKey pair leak.

Procedure

  1. Create an AccessKey pair for rotation. For more information, see Create an AccessKey pair for a RAM user.
  2. Update all applications and systems to use the new AccessKey pair.
    Note If you want to check whether the new or original AccessKey pair is in use, perform the following steps: Log on to the RAM console and go to the details page of the required user. In the User AccessKeys section, find the new and original AccessKey pairs. View the values in the Last Used column.
  3. Disable the original AccessKey pair. For more information, see Disable an AccessKey pair.
  4. Confirm that your applications and systems are properly running.
    • If the applications and systems are properly running, the update succeeds. You can delete the original AccessKey pair.
    • If an application or system stops running, you must enable the original AccessKey pair, and repeat Step 2 to Step 4 until the update succeeds.
  5. Delete the original AccessKey pair. For more information, see Delete an AccessKey pair.

What to do next

We recommend that you regularly rotate AccessKey pairs.