113. How do you revoke leaked credentials?

AWS Bites

Feb 09, 2024•12 min•Season 1Ep. 113

--:--

Listen in podcast apps:

Apple Podcasts

Spotify

Download

Listen to this episode in Metacast mobile app

Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

In this episode, we discuss what to do if you accidentally leak your AWS credentials during a live stream. We explain the difference between temporary credentials and long-lived credentials, and how to revoke each type. For temporary credentials, we recommend using the AWS console to revoke sessions or creating an IAM policy to deny access. For long-lived credentials, you must deactivate and rotate the credentials. We also touch on using tools like HashiCorp Vault to manage credentials securely.

💰 SPONSORS 💰 AWS Bites is brought to you by fourTheorem, the AWS consulting partner that doesn’t suck. Check us out at ⁠⁠https://fourTheorem.com⁠⁠ In this episode, we mentioned the following resources:

Gist with example policy: https://gist.github.com/lmammino/02fef8ce0cc22a45f219fe4f47fcf20c
Revoking IAM role temporary security credentials (official AWS docs): https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_revoke-sessions.html

Do you have any AWS questions you would like us to address? Leave a comment here or connect with us on X, formerly Twitter: - ⁠⁠⁠⁠⁠⁠⁠https://twitter.com/eoins⁠⁠⁠⁠⁠⁠⁠ - ⁠⁠⁠⁠⁠⁠⁠https://twitter.com/loige⁠⁠

For the best experience, listen in Metacast app for iOS or Android