A CLI tool that simplifies and automates the secure rotation of AWS IAM user access keys.
Easily rotate your AWS access key.
This tool is used by AWS IAM users and administrators to periodically rotate their AWS access keys as a security best practice, reducing the risk of compromised credentials. It automates the process of listing, deleting, creating, and deactivating access keys, ensuring compliance and minimizing manual errors during key rotation.
Users must ensure their IAM permissions allow managing their own access keys as specified in the provided IAM policy. When requiring MFA, the '-mfa' option must be used and appropriate IAM conditions configured. It is recommended to verify that the new access key is fully propagated before deactivating or deleting the old key to avoid service disruptions.
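One way to check an IAM policy against these requirements before relying on it for rotation. This is an added example, not the project's provided policy or code. The function names, the mapping of the listed steps to IAM actions, and the use of the `aws:MultiFactorAuthPresent` condition key as the MFA requirement are assumptions, and the sample policy is constructed.

```python
import fnmatch

# IAM actions behind the steps the page lists: list, delete, create, deactivate.
REQUIRED = ["iam:ListAccessKeys", "iam:DeleteAccessKey",
            "iam:CreateAccessKey", "iam:UpdateAccessKey"]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _has_mfa_condition(stmt):
    # Only plain "Bool" counts: requests signed with long-term keys carry no
    # MFA key at all, so "BoolIfExists" in an Allow would still match them.
    for operator, keys in stmt.get("Condition", {}).items():
        if operator.lower() != "bool":
            continue
        for key, val in keys.items():
            is_true = str(_as_list(val)[0]).lower() == "true"
            if key.lower() == "aws:multifactorauthpresent" and is_true:
                return True
    return False

def audit_rotation_policy(policy, require_mfa=False):
    """Return a list of findings; an empty list means the policy passes."""
    findings, covered = [], set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue
        patterns = [a.lower() for a in _as_list(stmt["Action"])]
        hits = {r for r in REQUIRED
                if any(fnmatch.fnmatchcase(r.lower(), p) for p in patterns)}
        if not hits:
            continue
        covered |= hits
        for res in _as_list(stmt.get("Resource", [])):
            if not res.endswith("/${aws:username}"):
                findings.append(f"resource not limited to the caller: {res}")
        if require_mfa and not _has_mfa_condition(stmt):
            findings.append("no MFA condition on: " + ", ".join(sorted(hits)))
    findings += [f"missing action: {r}" for r in REQUIRED if r not in covered]
    return findings

# Constructed sample policy; 123456789012 is a placeholder account id.
SAMPLE = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["iam:ListAccessKeys", "iam:CreateAccessKey",
               "iam:UpdateAccessKey", "iam:DeleteAccessKey"],
    "Resource": "arn:aws:iam::123456789012:user/${aws:username}"}]}

if __name__ == "__main__":
    print(audit_rotation_policy(SAMPLE, require_mfa=True))
```

The check is a lint over Allow statements only; it does not evaluate Deny statements, permission boundaries or SCPs, so a clean result is necessary rather than sufficient.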
Download binaries from the GitHub releases section
Install on macOS using Homebrew: brew install aws-rotate-key
Install on Ubuntu Linux using PPA: sudo add-apt-repository ppa:stefansundin/aws-rotate-key
Then run: sudo apt install aws-rotate-key
Build and install using Go: go install github.com/stefansundin/aws-rotate-key@latest
aws-rotate-key --help
Displays usage information and available command line options.
aws-rotate-key --profile work
Rotates access keys for the AWS CLI profile named 'work', listing keys and prompting for confirmation.
aws-rotate-key -y
Runs the key rotation process with automatic 'yes' to all prompts, enabling non-interactive use.
aws-rotate-key -mfa
Enables MFA support during the rotation process for enhanced security.
aws-rotate-key -d
Deletes the old access key instead of just deactivating it after creating a new key.