Most security standards recommend changing access credentials (passwords, certificates, or keys) on a regular basis. However, until recently this has been a bit tricky with AWS applications – requesting a new Access Key ID or X.509 certificate immediately rendered the old one invalid.
Our new Access Credential Rotation feature makes it easier for you to switch (or rotate) from one set of credentials to another to make your cloud assets even more secure. Using the "Security Credentials" page on the AWS Portal, you can request a new access credential while leaving the old one active and valid. Later, after you have distributed the new credential to all of your applications, you can deactivate and then (when you are sure that everything is working properly) delete the old credential. You can have up to two credentials of each type (Access Key ID and X.509 certificate).
Now you can make your AWS applications even more secure!
-- Jeff;
Very useful! thanks AWS!
Posted by: David Kavanagh | September 08, 2009 at 10:02 AM
This is a great feature for production applications needing to update their keys. Thank you so much #AWS!
Posted by: twitter.com/ttolle | September 08, 2009 at 01:08 PM
The way you folks continually make things better makes me entirely comfortable when you launch some raw new service. It's the little things like this that make me trust you with the big things. Thanks!
Posted by: twitter.com/williampietri | September 09, 2009 at 01:35 PM
Great feature, you guys are doing awesome work. I'd still like to be able to finetune access per key. For example having a key that I can only use for snapshots. I can see that being a mess to manage, though. Perhaps have the ability to disable sensitive calls only (such as ec2 terminate).
Nevertheless, I plan to use this not necessarily for rotation of credentials, but to distribute different keys to various machines and being able to revoke them without disrupting more than necessary.
Posted by: Vlad B | September 16, 2009 at 06:19 AM