dave/site
1
0
Fork 0
mirror of https://github.com/davegallant/davegallant.github.io.git synced 2025-08-06 08:43:40 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
91544b0cc412d235ca353cbdcc13037d64c339c7
site/public/blog/2021/09/17/automatically-rotating-aws-access-keys/index.html
Dave Gallant 91544b0cc4 Update Google Analytics tag
2023-05-21 09:15:57 -04:00

176 lines
7.0 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html><head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge"><title>Automatically Rotating AWS Access Keys - davegallant</title><link rel="icon" type="image/png" href=https://davegallant.ca/favicon.ico /><meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="" />
<meta property="og:image" content=""/>
<meta property="og:title" content="Automatically Rotating AWS Access Keys" />
<meta property="og:description" content="" />
<meta property="og:type" content="article" />
<meta property="og:url" content="/blog/2021/09/17/automatically-rotating-aws-access-keys/" /><meta property="article:section" content="post" />
<meta property="article:published_time" content="2021-09-17T12:48:33-04:00" />
<meta property="article:modified_time" content="2021-09-17T12:48:33-04:00" />
<meta name="twitter:card" content="summary"/>
<meta name="twitter:title" content="Automatically Rotating AWS Access Keys"/>
<meta name="twitter:description" content=""/>
<script src="https://cdn.jsdelivr.net/npm/feather-icons/dist/feather.min.js"></script>
<link href="https://fonts.googleapis.com/css2?family=IBM+Plex+Mono:ital,wght@1,500&display=swap" rel="stylesheet">
<link href="https://fonts.googleapis.com/css2?family=Fira+Sans&display=swap" rel="stylesheet">
<link href="https://fonts.googleapis.com/css?family=Roboto+Mono" rel="stylesheet">
<link rel="stylesheet" type="text/css" media="screen" href="/css/main.0e5aa3b634b92d61bafebfd908290cc7a034e4d50e6a0c59ce50044560179c4e.css" />
<link id="darkModeStyle" rel="stylesheet" type="text/css" href="/css/dark.b11f422ffce8151207bad84653d44cb512043f9efe93a0a049f836b9cc32b34a.css" disabled />
<script type="text/javascript"
src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.1/MathJax.js?config=TeX-AMS-MML_HTMLorMML">
</script>
<script type="text/x-mathjax-config">
MathJax.Hub.Config({
tex2jax: {
inlineMath: [['$','$'], ['\\(','\\)']],
displayMath: [['$$','$$'], ['\[','\]']],
processEscapes: true,
processEnvironments: true,
skipTags: ['script', 'noscript', 'style', 'textarea', 'pre'],
TeX: { equationNumbers: { autoNumber: "AMS" },
extensions: ["AMSmath.js", "AMSsymbols.js"] }
}
});
</script>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/katex@0.15.2/dist/katex.min.css">
<script defer src="https://cdn.jsdelivr.net/npm/katex@0.15.2/dist/katex.min.js"></script>
<script defer src="https://cdn.jsdelivr.net/npm/katex@0.15.2/dist/contrib/auto-render.min.js" onload="renderMathInElement(document.body);"></script>
<script>
document.addEventListener("DOMContentLoaded", function() {
renderMathInElement(document.body, {
delimiters: [
{left: "$$", right: "$$", display: true},
{left: "$", right: "$", display: false}
]
});
});
</script>
<link rel="stylesheet" type="text/css" href="/css/custom.2e59ff60a2d9c7e42e3c1af2aff0ba627da46f910a234867e98d178eb05c87dc.css">
</head>
<body>
<div class="content"><header>
<div class="main">
<a href="/">davegallant</a>
</div>
<nav>
<a href="/">Home</a>
<a href="/post">All posts</a>
<a href="/about">About</a>
<a href="/tags">Tags</a>
| <span id="dark-mode-toggle" onclick="toggleTheme()"></span>
<script src="/js/themetoggle.js"></script>
</nav>
</header>
<main>
<article>
<div class="title">
<h1 class="title">Automatically Rotating AWS Access Keys</h1>
<div class="meta">Posted on Sep 17, 2021</div>
</div>
<section class="body"><p>Rotating credentials is a security best practice. This morning, I read a question about automatically rotating AWS Access Keys without having to go through the hassle of navigating the AWS console. There are some existing solutions already, but I decided to write a <a href="https://gist.github.com/davegallant/2c042686a78684a657fe99e20fa7a924#file-aws_access_key_rotator-py">script</a> since it was incredibly simple. The script could be packed up as a systemd/launchd service to continually rotate access keys in the background.</p>
<p>In the longer term, migrating my local workflows to <a href="https://github.com/99designs/aws-vault">aws-vault</a> seems like a more secure solution. This would mean that credentials (even temporary session credentials) never have to be written in plaintext to disk (i.e. where <a href="https://docs.aws.amazon.com/sdkref/latest/guide/file-location.html">AWS suggests</a>). Any existing applications, such as terraform, could be have their credentials passed to them from aws-vault, which retrieves them from the OS&rsquo;s secure keystore. There is even a <a href="https://github.com/99designs/aws-vault/blob/master/USAGE.md#rotating-credentials">rotate command</a> included.</p></section>
<div class="post-tags">
<nav class="nav tags">
<ul class="tags">
<li><a href="/tags/aws">aws</a></li>
<li><a href="/tags/python">python</a></li>
<li><a href="/tags/security">security</a></li>
<li><a href="/tags/aws-vault">aws-vault</a></li>
</ul>
</nav>
</div>
</article>
</main>
<section id='comments' class='comments'>
<div class='container sep-before'>
<div class='comments'><script>
var getTheme = window.localStorage && window.localStorage.getItem("theme-storage");
getTheme = getTheme == null ? 'light' : getTheme;
let theme = getTheme === 'dark' ? 'github-dark' : 'github-light';
let s = document.createElement('script');
s.src = 'https://utteranc.es/client.js';
s.setAttribute('repo', 'davegallant\/davegallant.github.io');
s.setAttribute('issue-term', 'pathname');
s.setAttribute('theme', theme);
s.setAttribute('crossorigin', 'anonymous');
s.setAttribute('async', '');
document.querySelector('div.comments').innerHTML = '';
document.querySelector('div.comments').appendChild(s);
</script>
</div>
</div>
</section><footer>
<div style="display:flex"><a class="soc" href="https://github.com/davegallant" rel="me" title="GitHub"><i data-feather="github"></i></a>
<a class="border"></a><a class="soc" href="https://twitter.com/davega11ant/" rel="me" title="Twitter"><i data-feather="twitter"></i></a>
<a class="border"></a><a class="soc" href="https://fosstodon.org/@davegallant" rel="me" title="Mastodon"><i data-feather="speaker"></i></a>
<a class="border"></a><a class="soc" href="https://www.linkedin.com/in/dave-gallant/" rel="me" title="LinkedIn"><i data-feather="linkedin"></i></a>
<a class="border"></a></div>
<div class="footer-info">
2023 Dave Gallant
</div>
</footer>
<script async src="https://www.googletagmanager.com/gtag/js?id=G-V8WJDERTX9"></script>
<script>
var doNotTrack = false;
if (!doNotTrack) {
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'G-V8WJDERTX9', { 'anonymize_ip': false });
}
</script>
<script>
feather.replace()
</script></div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink