by tedchs 4459 days ago
The best practice with AWS API keys is to ONLY EVER use IAM (Identity and Access Management). There is nowadays zero reason to even generate account-level API keys. With IAM, you can create separate keys with separate abilities, down to the API call, even locked down to certain IP addresses. Even on my personal account I have separate IAM "users", e.g. one for each S3 bucket that I use for backups, locked down to the minimum access needed for the backup software to work.
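An added example, not part of the comment above: a per-bucket IAM policy of the kind described (one bucket, only the calls a backup tool needs, one source address range) next to an over-broad one, with a small audit function that flags the difference. The bucket name, the address range and the `audit` helper are assumptions made for illustration.

```python
import json

# Constructed policy for a hypothetical backup user: one bucket, only the
# calls a backup tool needs, only from one address range (RFC 5737 test net).
SCOPED = json.loads("""
{"Version": "2012-10-17",
 "Statement": [
  {"Effect": "Allow",
   "Action": ["s3:ListBucket"],
   "Resource": "arn:aws:s3:::example-backup-bucket",
   "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}},
  {"Effect": "Allow",
   "Action": ["s3:PutObject", "s3:GetObject"],
   "Resource": "arn:aws:s3:::example-backup-bucket/*",
   "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}}]}
""")

# Constructed counter-example: the access an over-broad key effectively has.
BROAD = {"Version": "2012-10-17",
         "Statement": {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}}

def as_list(value):
    """IAM allows a single value or a list in most policy fields."""
    return value if isinstance(value, list) else [value]

def has_ip_limit(st):
    """True if an IpAddress-type condition on aws:SourceIp is present."""
    for op, keys in st.get("Condition", {}).items():
        if op.lower().startswith("ipaddress") and any(k.lower() == "aws:sourceip" for k in keys):
            return True
    return False

def audit(policy):
    """Return (statement index, finding) pairs for Allow statements that are too broad."""
    findings = []
    for i, st in enumerate(as_list(policy["Statement"])):
        if st.get("Effect") != "Allow":
            continue
        if "NotAction" in st or any("*" in a for a in as_list(st.get("Action", []))):
            findings.append((i, "wildcard-action"))
        if "NotResource" in st or any(r == "*" or r.endswith(":::*") for r in as_list(st.get("Resource", []))):
            findings.append((i, "wildcard-resource"))
        if not has_ip_limit(st):
            findings.append((i, "no-source-ip-restriction"))
    return findings

if __name__ == "__main__":
    for name, pol in (("scoped", SCOPED), ("broad", BROAD)):
        print(name, audit(pol) or "ok")
```

The checks are deliberately simple: they do not evaluate Deny statements, policy variables or permissions granted through other attached policies.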