As a best practice, rotate AWS secret access keys on a regular basis.

- You can have at most two secret access keys per user.
- You can deactivate, delete, and activate secret access keys.
- You can input custom secret access keys of 40 characters (alphanumeric characters, `/`, and `+`) or let the system auto-generate them.

Here are the guidelines for rotating secret access keys:

1. Create the new secret access key (default is active).
2. Migrate applications to use the new secret access key.
3. Validate that the applications are running correctly.
4. Wait for two hours. Deactivate the old secret access key, and ensure that the applications are running correctly.
5. If any applications are still using the old secret access key, then activate the key, and go back to step 2.
6. Wait for two hours. Delete the inactive secret access key.
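
The checks in steps 1 and 4 to 6, written as a small decision helper. This is an added example, not code from the original page or from the product it describes. The log line format, key IDs, app names, and function names are constructed assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

WAIT = timedelta(hours=2)  # the two-hour wait before deactivating and before deleting
SECRET_RE = re.compile(r"[A-Za-z0-9/+]{40}")  # custom secret: 40 chars, alphanumeric plus / and +
LINE_RE = re.compile(r"^(\S+) access_key=(\S+) status=(\d+) app=(\S+)$")  # assumed log format

def valid_custom_secret(secret):
    """Step 1: check a custom secret access key against the stated format."""
    return SECRET_RE.fullmatch(secret) is not None

def apps_using_key(log_lines, key_id, since):
    """Return the apps that sent a request with key_id after `since`."""
    apps = set()
    for line in log_lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the assumed format
        ts = datetime.fromisoformat(m.group(1).replace("Z", "+00:00"))
        if m.group(2) == key_id and ts > since:
            apps.add(m.group(4))
    return sorted(apps)

def next_step(old_status, since, now, log_lines, old_key_id):
    """Decide the next rotation action for the old key.

    old_status: "active" or "inactive".
    since: when the migrated applications were validated (active) or
           when the old key was deactivated (inactive).
    """
    if old_status == "active":  # step 4: wait two hours, then deactivate
        return "deactivate" if now - since >= WAIT else "wait"
    stragglers = apps_using_key(log_lines, old_key_id, since)
    if stragglers:  # step 5: something still presents the old key
        return "reactivate, then return to step 2 for: " + ", ".join(stragglers)
    return "delete" if now - since >= WAIT else "wait"  # step 6

# Constructed sample data: key IDs, app names and log lines are made up.
OLD_KEY = "OLDKEYIDEXAMPLE"
T0 = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)  # old key deactivated at this time
SAMPLE_LOG = [
    "2024-05-01T11:50:00Z access_key=OLDKEYIDEXAMPLE status=200 app=billing",
    "2024-05-01T12:10:00Z access_key=NEWKEYIDEXAMPLE status=200 app=billing",
    "2024-05-01T12:30:00Z access_key=OLDKEYIDEXAMPLE status=403 app=backup",
]

if __name__ == "__main__":
    print(next_step("inactive", T0, T0 + timedelta(hours=3), SAMPLE_LOG, OLD_KEY))
```

Requests that still present the old key ID after it was deactivated are the signal for step 5, so the helper reports the affected applications before it ever returns `delete`.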