Add support for rotation of IAM access keys

Open PeteW opened this issue 5 years ago • 1 comments

Description of changes: This stems from an AWS support issue #6724293101 where there's currently no provided lambda function for IAM access key/secret key credential rotation. I have several IAM credentials in need of automated rotation, hence this proposal to fill the gap.

The design is based on the "multi-user" approach in the sense that:

  • Multiple versions of the IAM access key can be active allowing processes time to switch to the newest access key
  • A "master" IAM user, synonymous with an "admin" account in a database, performs the work of rotating IAM credentials

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

PeteW avatar Jan 13 '20 14:01 PeteW

FYI, I also have an alternate version of this script, one which requires no "master IAM user" and instead stows all credential rotation privileges inside the lambda role. It is a matter of changing just a few lines.

PeteW avatar Jan 16 '20 18:01 PeteW

We have no plan to support IAM access key rotation through Secrets Manager. Users should be using IAM roles for EC2, IAM roles for service accounts or IAM roles anywhere for AWS credentials. Closing this PR.

willtong1234 avatar Feb 13 '23 19:02 willtong1234

What do you recommend for applications outside of AWS that need AWS credentials?

PeteW avatar Feb 13 '23 20:02 PeteW