This blog post has been revised to reflect the updated name of AWS Single Sign-On (SSO) – now known as AWS IAM Identity Center. You can explore more about this change here.
You can now easily access and update your security credentials through the “My Security Credentials” page in the AWS Management Console. When you provide programmatic or console access to your developers, they receive credentials such as passwords and access keys to interact with AWS resources. For instance, creating users in AWS Identity and Access Management (IAM) generates long-term credentials for your developers. Navigating these credentials can be challenging, particularly for newcomers, often leading developers to seek assistance from their administrators. The updated My Security Credentials page helps developers discover, create, or adjust their security credentials independently. This includes passwords for console access, access keys for programmatic AWS interactions, and multi-factor authentication (MFA) devices. By simplifying the discovery and management of AWS security credentials, developers can more quickly engage with AWS.
If you need to create IAM users, the My Security Credentials page is your go-to for managing long-term credentials. However, as a best practice, AWS recommends using temporary credentials through federation for accessing AWS accounts. Federation allows you to leverage your existing identity provider for AWS access. You can also utilize AWS IAM Identity Center to centrally manage identities and their access across multiple AWS accounts and business applications. In this post, I will guide you through the IAM user experience in the AWS Management Console for retrieving and configuring security credentials.
Accessing Your Security Credentials
When interacting with AWS, you require security credentials to authenticate your identity and determine your access permissions. For instance, a username and password are necessary to log into the AWS Management Console, while access keys are essential for making programmatic API calls to AWS.
To access and manage your security credentials, log into your AWS console as an IAM user. Then, navigate to your username in the upper right corner of the navigation bar. From the dropdown menu, choose My Security Credentials.
The My Security Credentials page houses all your security credentials. As an IAM user, you should visit this central location to manage everything related to your credentials.
Now, I will demonstrate how IAM users can modify their AWS console access passwords, generate access keys, configure MFA devices, and establish AWS CodeCommit credentials through the My Security Credentials page.
Changing Your AWS Console Access Password
To change your password, go to the My Security Credentials page and, under the Password for console access section, click Change password. This section also shows the age of your current password. In my example the password is 121 days old, so it is due for an update; AWS best practice is to update your password regularly.
To proceed with the update, click the Change password button. Depending on the permissions assigned to your IAM user, you may not see the password requirements set by your admin. The image below illustrates the requirements established by my administrator.
Once you click Change password and your new password meets all requirements, your IAM password will be updated.
Generating Access Keys for Programmatic Access
To sign requests made via the AWS Command Line Interface (AWS CLI), AWS SDKs, or direct API calls, you need an access key ID and a secret access key. If you’ve created an access key before but neglected to save the secret key, AWS recommends deleting the old key and creating a new one. You can generate new access keys from the My Security Credentials page.
To generate a new key, click the Create access key button. This action will produce a new secret access key, which can only be viewed or downloaded at this moment. For security reasons, AWS does not allow retrieval of a secret access key after its initial creation. Make sure to click the Download .csv file button and save it in a secure location that only you can access.
Note: If you already have the maximum of two access keys (whether active or inactive), you must delete one prior to creating a new key.
If you suspect that someone else has access to your access and secret keys, delete them immediately and create new ones. To remove an existing key, click Delete next to your access key ID. The Delete access key dialog will also display the last time the key was used, which is crucial for understanding if there are any dependencies on that key.
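The two-key limit and the last-used timestamp together determine the order of a safe rotation. The sketch below is an added example, not code from the original post: it plans that order from key metadata shaped like the IAM ListAccessKeys and GetAccessKeyLastUsed responses. The 90-day age and 30-day idle thresholds, the action names, and the sample key IDs are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

MAX_KEYS_PER_USER = 2  # limit from the note above: two keys, active or inactive
NEVER = datetime.min.replace(tzinfo=timezone.utc)

def plan_rotation(keys, now, max_age_days=90, idle_days=30):
    """Return ordered (action, access_key_id) steps for one IAM user.

    keys: dicts with AccessKeyId, Status, CreateDate, LastUsedDate
    (LastUsedDate is None when the key has never been used).
    The 90/30-day thresholds are assumptions, not AWS-mandated values.
    """
    def recently_used(k):
        last = k["LastUsedDate"]
        return last is not None and now - last <= timedelta(days=idle_days)

    stale = [k for k in keys if now - k["CreateDate"] > timedelta(days=max_age_days)]
    if not stale:
        return []
    steps, remaining = [], list(keys)
    if len(remaining) >= MAX_KEYS_PER_USER:
        # A slot must be freed before a new key can be created. Prefer the key
        # least likely to have dependants: inactive, never used, used longest ago.
        candidate = min(remaining, key=lambda k: (
            k["Status"] == "Active", k["LastUsedDate"] or NEVER))
        if candidate["Status"] == "Active" and recently_used(candidate):
            # Both slots hold keys still in use: stop and let a human decide.
            return [("review-dependencies", candidate["AccessKeyId"])]
        steps.append(("delete", candidate["AccessKeyId"]))
        remaining.remove(candidate)
    steps.append(("create", "<new key>"))
    for k in remaining:
        if k in stale:
            action = "migrate-then-deactivate" if recently_used(k) else "deactivate"
            steps.append((action, k["AccessKeyId"]))
    return steps

# Constructed sample in the shape of ListAccessKeys / GetAccessKeyLastUsed output.
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE_KEYS = [
    {"AccessKeyId": "AKIAEXAMPLEAAAAAAAAA", "Status": "Active",
     "CreateDate": NOW - timedelta(days=121), "LastUsedDate": NOW - timedelta(days=2)},
    {"AccessKeyId": "AKIAEXAMPLEBBBBBBBBB", "Status": "Inactive",
     "CreateDate": NOW - timedelta(days=400), "LastUsedDate": NOW - timedelta(days=200)},
]

if __name__ == "__main__":
    for step in plan_rotation(SAMPLE_KEYS, NOW):
        print(step)
```

For the sample, the plan deletes the long-idle inactive key to free a slot, creates the replacement, and leaves the 121-day-old key active until its callers have moved to the new one.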
Enabling MFA Devices
As a best practice, AWS recommends enabling multi-factor authentication (MFA) for all IAM users. MFA enhances security by requiring users to provide an additional authentication factor from an AWS-supported MFA mechanism alongside their sign-in credentials when accessing AWS. IAM users can now assign or review their MFA settings through the My Security Credentials page.
To learn more about MFA support in AWS and how to configure MFA devices for an IAM user, please visit Enabling MFA Devices.
Generating AWS CodeCommit Credentials
The My Security Credentials page also allows you to set up Git credentials for AWS CodeCommit, a version control service that privately stores and manages assets like documents and source code in the cloud. Additionally, if you wish to access CodeCommit repositories without installing the AWS CLI, you can establish an SSH connection by uploading your SSH public key on the My Security Credentials page. For further details on AWS CodeCommit and its various configuration options, check out the AWS CodeCommit User Guide.
Summary
The My Security Credentials page for IAM users streamlines the management and configuration of security credentials, enabling developers to engage with AWS more swiftly. To gain more insights into security credentials and best practices, refer to this relevant blog post.