As a security best practice, you should rotate AccessKey pairs regularly. Each Resource Access Management (RAM) user can have up to two active AccessKey pairs at a time, which allows you to rotate them with no downtime. This topic describes the procedure for rotating a AccessKey pair to limit the potential impact of a compromised one.
Procedure
Update all of your applications to use the new AccessKey pair.
NoteBefore disabling the old AccessKey pair, verify that it is no longer being used. In the RAM console, navigate to the user's details page and check the Last Used Service / Time information for the original AccessKey pair. If it shows recent activity, investigate which application is still using it before you proceed. For more information, see View the information about AccessKey pairs of a RAM user.
Verify that all applications continue to function as expected.
If your applications are working correctly, you can proceed to the next step.
If an application fails, it means it was not updated with the new AccessKey pair. Re-enable the old one to restore functionality. Then, identify the application that is still using the old AccessKey pair, update it, and repeat this verification step.
What to do next
To maintain a strong security posture, we recommend that you rotate your AccessKey pairs on a regular basis (such as every 90 days).