You can create up to two AccessKey pairs for each Resource Access Management (RAM) user. If you have used an AccessKey pair for more than 90 days, we recommend that you rotate the AccessKey pair in a timely manner. This reduces the probability of AccessKey pair leaks.

Procedure

  1. Create an AccessKey pair for rotation.
    For more information, see Create an AccessKey pair for a RAM user.
  2. Change the AccessKey pair for all applications and systems to the new AccessKey pair.
    Note If you want to check whether the new or original AccessKey pair is in use, perform the following steps: Log on to the RAM console and go to the details page of the required RAM user. In the User AccessKeys section, find the new and original AccessKey pairs. View the values in the Last Used column.
  3. Disable the original AccessKey pair.
    For more information, see Disable an AccessKey pair of a RAM user.
  4. Confirm that your applications and systems are properly running.
    • If the applications and systems are properly running, the new AccessKey pair is used. You can delete the original AccessKey pair.
    • If an application or system does not run as expected, you must enable the original AccessKey pair, and repeat Step 2 to Step 4 until the new AccessKey pair is used.
  5. Delete the original AccessKey pair.
    For more information, see Delete an AccessKey pair of a RAM user.

What to do next

We recommend that you regularly rotate AccessKey pairs.