AWS Bites artwork

113. How do you revoke leaked credentials?

AWS Bites

English - February 09, 2024 00:00 - 11 minutes - 10.6 MB - ★★★★★ - 10 ratings
Technology Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Previous Episode: 112. What is a Service Control Policy (SCP)?
Next Episode: 114. What's up with LLRT, AWS' new Lambda Runtime?

In this episode, we discuss what to do if you accidentally leak your AWS credentials during a live stream. We explain the difference between temporary credentials and long-lived credentials, and how to revoke each type. For temporary credentials, we recommend using the AWS console to revoke sessions or creating an IAM policy to deny access. For long-lived credentials, you must deactivate and rotate the credentials. We also touch on using tools like HashiCorp Vault to manage credentials securely.




💰 SPONSORS 💰

AWS Bites is brought to you by fourTheorem, the AWS consulting partner that doesn’t suck. Check us out at ⁠⁠https://fourTheorem.com⁠⁠

In this episode, we mentioned the following resources:

Gist with example policy: https://gist.github.com/lmammino/02fef8ce0cc22a45f219fe4f47fcf20c
Revoking IAM role temporary security credentials (official AWS docs): https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_revoke-sessions.html



Do you have any AWS questions you would like us to address?
Leave a comment here or connect with us on X, formerly Twitter:
- ⁠⁠⁠⁠⁠⁠⁠https://twitter.com/eoins⁠⁠⁠⁠⁠⁠⁠
- ⁠⁠⁠⁠⁠⁠⁠https://twitter.com/loige⁠⁠

Twitter Mentions