Each RAM user can have up to two AccessKeys. To reduce the risk of compromise, rotate any AccessKey that has been in use for more than 90 days.
Procedure
-
Create a second AccessKey.
For instructions, see Create an AccessKey for a RAM user.
-
Update all applications and systems to use the new AccessKey.
NoteIn the RAM console, go to the Users page and open the user details page. Check the last used time of the original AccessKey to confirm it is no longer active before you disable it. For more information, see View AccessKey details for a RAM user.
-
Disable the original AccessKey.
For instructions, see Disable an AccessKey for a RAM user.
-
Verify that all applications and systems that use the new AccessKey work correctly.
-
If all applications and systems work correctly, delete the original AccessKey.
-
If any application or system fails, re-enable the original AccessKey immediately. Repeat steps 2 through 4 until the update succeeds.
-
-
Delete the original AccessKey.
For instructions, see Delete an AccessKey for a RAM user.
Next steps
Repeat this rotation every 90 days or sooner.