by 0xbadcafebee 1615 days ago
A static AWS credential (otherwise known as "AWS Access Key ID & AWS Secret Key") can be leaked or stolen. The stolen AWS credentials can then be re-used again and again by whoever has them because they're not temporary.

A static credential is sometimes shared among many users, making it very difficult to audit their use.

When was the last time you changed the AWS credentials when somebody left a company? They probably still have the old credentials and they probably still work.

If your computer gets infected with malware, the malware can look for credentials on your system (not difficult to match on them with regular expressions searching through files).

Some people use their own user's personal static credentials for things like CI/CD, and their personal static credentials often have Admin access to the AWS account. This is a lot more access than should be given to some automation system.

A hacker can use them to spin up 100 giant EC2 instances in your AWS account to mine crypto / send spam / DDoS, and charge your AWS account $500,000 in a month.
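The credential hunt the comment describes (malware, or a defender doing the same sweep first) comes down to a couple of regular expressions over files on disk. The scanner below is an added example, not code from the commenter: it walks a directory, flags AWS access key IDs, and separates long-term keys (the documented `AKIA` prefix, which never expire until rotated) from temporary STS keys (`ASIA` prefix), since only the former are the static credentials the comment is worried about. The secret-key pattern is a heuristic (40 base64-style characters following an `aws_secret_access_key` style label), and the sample file contents are constructed for the example using AWS's published example key values.

```python
import os
import re
from typing import Dict, List

# Access key ID format is documented by AWS: a 4-char prefix plus 16 uppercase
# alphanumerics. AKIA = long-term (static) key, ASIA = temporary STS key.
ACCESS_KEY_RE = re.compile(r"\b((?:AKIA|ASIA)[A-Z0-9]{16})\b")

# Heuristic for the secret: 40 base64-like chars that follow a label naming the
# secret access key. Matching on the bare 40-char string alone produces far too
# many false positives (hashes, tokens), so the label is required.
SECRET_KEY_RE = re.compile(
    r"(?i)aws[_\-]?secret[_\-]?access[_\-]?key\s*[=:]\s*['\"]?([A-Za-z0-9/+]{40})"
)

# Constructed sample inputs (not real files); key values are AWS's published
# example credentials, which are not valid for any account.
SAMPLE_FILES: Dict[str, str] = {
    "~/.aws/credentials": (
        "[default]\n"
        "aws_access_key_id = AKIAIOSFODNN7EXAMPLE\n"
        "aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
    ),
    "ci/.env": (
        "AWS_ACCESS_KEY_ID=ASIAIOSFODNN7EXAMPLE\n"
        "AWS_SESSION_TOKEN=constructedSessionTokenForExampleOnly\n"
        "DB_PASSWORD=hunter2\n"
    ),
}


def scan_text(text: str) -> Dict[str, List[str]]:
    """Return credential material found in text, bucketed by type.

    long_term: AKIA... key IDs (static credentials, need rotation if exposed)
    temporary: ASIA... key IDs (STS session credentials, expire on their own)
    secrets:   secret access keys found next to a label
    """
    findings: Dict[str, List[str]] = {"long_term": [], "temporary": [], "secrets": []}
    for key_id in ACCESS_KEY_RE.findall(text):
        bucket = "long_term" if key_id.startswith("AKIA") else "temporary"
        if key_id not in findings[bucket]:
            findings[bucket].append(key_id)
    for secret in SECRET_KEY_RE.findall(text):
        if secret not in findings["secrets"]:
            findings["secrets"].append(secret)
    return findings


def scan_tree(root: str, max_bytes: int = 4 * 1024 * 1024) -> Dict[str, Dict[str, List[str]]]:
    """Walk a directory and return {path: findings} for files containing hits.

    Files that are too large or not decodable as UTF-8 are skipped; this is a
    text-oriented sweep, the same thing a credential-stealing payload would do.
    """
    results: Dict[str, Dict[str, List[str]]] = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                if os.path.getsize(path) > max_bytes:
                    continue
                with open(path, "r", encoding="utf-8", errors="strict") as fh:
                    text = fh.read()
            except (OSError, UnicodeDecodeError):
                continue
            found = scan_text(text)
            if any(found.values()):
                results[path] = found
    return results


def scan_samples() -> Dict[str, Dict[str, List[str]]]:
    """Run the scanner over the constructed in-memory samples instead of disk."""
    return {name: scan_text(body) for name, body in SAMPLE_FILES.items()}


if __name__ == "__main__":
    for path, found in scan_samples().items():
        for bucket, hits in found.items():
            for hit in hits:
                # Mask most of the value; a scanner report should not itself
                # become another place the secret is stored in full.
                print(f"{path}: {bucket}: {hit[:4]}...{hit[-4:]}")
```

Run `scan_tree(os.path.expanduser("~"))` to see what a stealer would find on a developer workstation; every `long_term` hit is a key that stays valid until someone rotates it in IAM, which is the point the comment makes about people who have left the company.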