Overview
Rotate IAM access keys across your AWS account to limit how long a leaked, shared, or forgotten key stays usable, and to meet common compliance requirements (the CIS AWS Foundations Benchmark, for example, requires rotation at least every 90 days). Where a workload can assume an IAM role instead of holding long-term keys, prefer that; rotation is for the keys that remain. This plan walks you through identifying IAM users with active keys, choosing a rotation strategy, securely creating and applying new keys, deactivating and deleting old ones, and validating that the rotation succeeded.
Execution Details
1. Assessment Phase – Key Discovery & Strategy Selection
- List IAM Access Keys: Identify all IAM users and retrieve access key metadata (key ID, status, creation date). The IAM credential report (aws iam generate-credential-report, then aws iam get-credential-report) covers every user in one call; aws iam list-access-keys --user-name does it per user. Record the last-used date and service for each key as well (aws iam get-access-key-last-used), since it tells you which keys are in use and roughly by what.
- Choose Key Rotation Strategy: IAM allows each user two access keys, which is what makes overlap rotation possible: create the new key, switch every consumer to it, confirm the old key is no longer being used, then deactivate and later delete it. The alternative, disabling or deleting the old key directly, is only safe for keys whose last-used data shows they are not in use; any consumer still holding that key fails the moment it is disabled.
2. Summary Phase – Rotation Planning
- Confirm Rotation Frequency & Plan: Define the rotation interval (e.g., 90 days), select the users whose keys exceed it, and list every consumer of each key (applications, CI/CD jobs, scripts, secret-manager entries). A key with no known consumer but a recent last-used date is a sign of an undocumented dependency; find it before rotating rather than after.
3. Configuration Phase – Execute Rotation
- Create New Access Keys: Generate a new access key for each selected user (aws iam create-access-key). The secret is returned only at creation and cannot be retrieved later, so write it straight into the secret manager or config it belongs in, never into a ticket, chat, or repository. If the user already has two keys, rotation cannot start until the unused one is deleted.
- Update Applications: Replace the old key in app configs, CI/CD pipelines, or secret managers, and restart or redeploy anything that caches credentials in memory.
- Deactivate Old Keys: Set the old key to Inactive (aws iam update-access-key --status Inactive) and watch for failures. Deactivation is reversible: if something breaks, set the key back to Active, fix the consumer you missed, and retry. Checking aws iam get-access-key-last-used before deactivating catches most stragglers in advance, bearing in mind that the last-used timestamp is updated with some delay.
- Delete Old Keys: Permanently remove the old key (aws iam delete-access-key) only after it has sat Inactive for an agreed soak period with no failures. Deletion is irreversible.
4. Validation Phase – Compliance Check
- Review IAM Access Key Age: Regenerate the credential report and confirm that every active key meets your age policy (e.g., under 90 days) using the access_key_1_last_rotated and access_key_2_last_rotated columns, that no user still has an Inactive key awaiting deletion, and that the consumers you switched are authenticating with the new key IDs (CloudTrail records the key ID in each API call's userIdentity).
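The four phases above as one runnable script, added here as an example rather than taken from the page or from AWS. It drives the boto3 IAM client calls the plan refers to (ListUsers, ListAccessKeys, CreateAccessKey, GetAccessKeyLastUsed, UpdateAccessKey, DeleteAccessKey) through an injected client object so the same code runs against a real account with boto3.client("iam") or, as here, against FakeIAM, a constructed stand-in with three sample users and keys. The user names, key IDs, ages and the MAX_KEY_AGE_DAYS / DEMO_NOW constants are all assumptions for the demonstration.

```python
"""Staged IAM access-key rotation against an injected IAM client.
Added example, not code from the page or from AWS. `iam` is any object exposing the
boto3 IAM client methods used here (pass boto3.client("iam") for a real account);
FakeIAM at the bottom is a constructed stand-in so the module runs offline."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable

MAX_KEY_AGE_DAYS = 90  # rotation interval chosen in the plan (assumed)
DEMO_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed clock for the constructed sample


@dataclass
class KeyRecord:
    user: str
    key_id: str
    status: str  # "Active" or "Inactive"
    created: datetime

    def age_days(self, now: datetime) -> int:
        return (now - self.created).days


def list_all_keys(iam) -> list[KeyRecord]:
    """Assessment: every access key of every user, following ListUsers pagination."""
    users, marker = [], None
    while True:
        page = iam.list_users(**({"Marker": marker} if marker else {}))
        users.extend(u["UserName"] for u in page["Users"])
        if not page.get("IsTruncated"):
            break
        marker = page["Marker"]
    return [KeyRecord(u, k["AccessKeyId"], k["Status"], k["CreateDate"])
            for u in users for k in iam.list_access_keys(UserName=u)["AccessKeyMetadata"]]


def keys_due_for_rotation(records, now, max_age_days=MAX_KEY_AGE_DAYS):
    """Active keys at or past the age limit; Inactive keys are a deletion task, not rotation."""
    return [r for r in records if r.status == "Active" and r.age_days(now) >= max_age_days]


def rotate_key(iam, record, install_new_key: Callable[[str, str, str], None]) -> str:
    """Overlap rotation: create the second key and hand it to the caller's installer
    (secret manager, CI variables, app config). The old key stays Active until
    retire_old_key confirms nothing still uses it. Returns the new key ID."""
    if len(iam.list_access_keys(UserName=record.user)["AccessKeyMetadata"]) >= 2:
        # IAM allows two access keys per user; a forgotten second key blocks overlap rotation.
        raise RuntimeError(f"{record.user} already has two access keys; delete the unused one first")
    new = iam.create_access_key(UserName=record.user)["AccessKey"]
    install_new_key(record.user, new["AccessKeyId"], new["SecretAccessKey"])
    return new["AccessKeyId"]


def retire_old_key(iam, record, switched_at: datetime) -> bool:
    """Deactivate the old key only if it has not been used since consumers were switched.
    Returns False and leaves it Active if something still calls with it. AWS updates
    LastUsedDate with a delay, so run this well after the switch, not immediately."""
    used = iam.get_access_key_last_used(AccessKeyId=record.key_id)["AccessKeyLastUsed"]
    last = used.get("LastUsedDate")  # absent/None when the key has never been used
    if last is not None and last >= switched_at:
        return False
    iam.update_access_key(UserName=record.user, AccessKeyId=record.key_id, Status="Inactive")
    return True


def delete_inactive_key(iam, record) -> None:
    """Final step after a soak period with the key Inactive; deletion cannot be undone."""
    iam.delete_access_key(UserName=record.user, AccessKeyId=record.key_id)


class FakeIAM:
    """Constructed stand-in with sample users and keys; not a real account."""
    def __init__(self, now=DEMO_NOW):
        self.now, self.counter = now, 0

        def k(kid, status, age_days):
            return {"AccessKeyId": kid, "Status": status, "CreateDate": now - timedelta(days=age_days)}
        self.keys = {"ci-deployer": [k("AKIAEXAMPLE0000OLD1", "Active", 152)],
                     "backup-svc": [k("AKIAEXAMPLE0000NEW1", "Active", 17)],
                     "reporting": [k("AKIAEXAMPLE000INAC1", "Inactive", 400)]}
        self.last_used = {"AKIAEXAMPLE0000OLD1": now - timedelta(hours=2)}

    def list_users(self, **_):
        return {"Users": [{"UserName": u} for u in self.keys], "IsTruncated": False}

    def list_access_keys(self, UserName):
        return {"AccessKeyMetadata": list(self.keys[UserName])}

    def create_access_key(self, UserName):
        self.counter += 1
        new = {"AccessKeyId": f"AKIAEXAMPLE000GEN{self.counter:02d}", "Status": "Active", "CreateDate": self.now}
        self.keys[UserName].append(new)
        return {"AccessKey": {**new, "UserName": UserName, "SecretAccessKey": "constructed-secret"}}

    def update_access_key(self, UserName, AccessKeyId, Status):
        next(k for k in self.keys[UserName] if k["AccessKeyId"] == AccessKeyId)["Status"] = Status

    def delete_access_key(self, UserName, AccessKeyId):
        self.keys[UserName] = [k for k in self.keys[UserName] if k["AccessKeyId"] != AccessKeyId]

    def get_access_key_last_used(self, AccessKeyId):
        return {"AccessKeyLastUsed": {"LastUsedDate": self.last_used.get(AccessKeyId)}}


if __name__ == "__main__":
    iam = FakeIAM()
    for rec in keys_due_for_rotation(list_all_keys(iam), DEMO_NOW):
        new_id = rotate_key(iam, rec, lambda u, kid, _secret: print(f"installed {kid} for {u}"))
        # Real run: wait for consumers to pick up the new key, then pass datetime.now(timezone.utc).
        if retire_old_key(iam, rec, switched_at=DEMO_NOW):
            delete_inactive_key(iam, rec)  # the demo skips the soak period a real rotation needs
        print(rec.user, "now has", [k["AccessKeyId"] for k in iam.keys[rec.user]])
```

Only the ci-deployer key is 152 days old and Active, so it is the only one selected; the 17-day key is left alone and the Inactive reporting key is flagged for deletion rather than rotation. The installer callback is where the new secret goes into your secret manager or CI variables; the script never logs it. retire_old_key is the safety check the plan describes: an old key seen in use after the switchover stays Active and the function returns False so you can find the missed consumer before anything breaks.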