Disable programmatic access to AWS












0















Can we disable programmatic access using access key / secret key to the entire account? In case there is a security breach and the access key and secret key is exposed to the outside world, can the AWS account administrator freeze the programmatic access to the AWS account?






amazon-web-services amazon-iam aws-iam







share|improve this question



























    0















    Can we disable programmatic access using access key / secret key to the entire account? In case there is a security breach and the access key and secret key is exposed to the outside world, can the AWS account administrator freeze the programmatic access to the AWS account?






    amazon-web-services amazon-iam aws-iam







    share|improve this question

























      0












      0








      0


      0






      Can we disable programmatic access using access key / secret key to the entire account? In case there is a security breach and the access key and secret key is exposed to the outside world, can the AWS account administrator freeze the programmatic access to the AWS account?






      amazon-web-services amazon-iam aws-iam







      share|improve this question














      Can we disable programmatic access using access key / secret key to the entire account? In case there is a security breach and the access key and secret key is exposed to the outside world, can the AWS account administrator freeze the programmatic access to the AWS account?






      amazon-web-services amazon-iam aws-iam




      amazon-web-services amazon-iam aws-iam






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Jan 1 at 1:20









      John JaiJohn Jai

      79411327




      79411327
























          1 Answer
          1






          active

          oldest

          votes


















          3














          You can disable or delete an Access Key. You must disable access keys one at a time. There is no "global" disable or delete for access keys.



          There are several types of Access Keys:




          1. AWS Root User Access Keys. You should not be using these keys. If you are, issue IAM User Access Keys and delete the root keys.

          2. IAM User Access Keys. These are the key types that you should use for normal access.

          3. Temporary Access Keys. These keys are generated by Roles or Simple Token Service (STS). These keys are temporary and expire.


          Managing Access Keys for Your AWS Account Root User



          Managing Access Keys for IAM Users



          Revoking IAM Role Temporary Security Credentials






          share|improve this answer


























          • Thanks, so we can't disable all the access keys but only those we know is exposed right? Is there any disable for all access keys of an account?

            – John Jai
            Jan 1 at 1:55






          • 2





            You must disable access keys one at a time. There is no "global" disable or delete for access keys. TIP: You should not be creating access keys that have access to everything in your account. You should be using Least Privilege to only issue access keys with the privileges they need. If your programs are running in the cloud, don't use access keys at all and instead use IAM Roles.

            – John Hanley
            Jan 1 at 2:01











          • Thanks, that answers my original question - no "global" disable. And that's a great tip. Can you please edit your answer to include this statement, so I can mark it as accepted?

            – John Jai
            Jan 1 at 2:18













          • @JohnJai - Updated my answer with your suggestion.

            – John Hanley
            Jan 1 at 2:31













          Your Answer






          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "1"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53992484%2fdisable-programmatic-access-to-aws%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          3














          You can disable or delete an Access Key. You must disable access keys one at a time. There is no "global" disable or delete for access keys.



          There are several types of Access Keys:




          1. AWS Root User Access Keys. You should not be using these keys. If you are, issue IAM User Access Keys and delete the root keys.

          2. IAM User Access Keys. These are the key types that you should use for normal access.

          3. Temporary Access Keys. These keys are generated by Roles or Simple Token Service (STS). These keys are temporary and expire.


          Managing Access Keys for Your AWS Account Root User



          Managing Access Keys for IAM Users



          Revoking IAM Role Temporary Security Credentials






          share|improve this answer


























          • Thanks, so we can't disable all the access keys but only those we know is exposed right? Is there any disable for all access keys of an account?

            – John Jai
            Jan 1 at 1:55






          • 2





            You must disable access keys one at a time. There is no "global" disable or delete for access keys. TIP: You should not be creating access keys that have access to everything in your account. You should be using Least Privilege to only issue access keys with the privileges they need. If your programs are running in the cloud, don't use access keys at all and instead use IAM Roles.

            – John Hanley
            Jan 1 at 2:01











          • Thanks, that answers my original question - no "global" disable. And that's a great tip. Can you please edit your answer to include this statement, so I can mark it as accepted?

            – John Jai
            Jan 1 at 2:18













          • @JohnJai - Updated my answer with your suggestion.

            – John Hanley
            Jan 1 at 2:31


















          3














          You can disable or delete an Access Key. You must disable access keys one at a time. There is no "global" disable or delete for access keys.



          There are several types of Access Keys:




          1. AWS Root User Access Keys. You should not be using these keys. If you are, issue IAM User Access Keys and delete the root keys.

          2. IAM User Access Keys. These are the key types that you should use for normal access.

          3. Temporary Access Keys. These keys are generated by Roles or Simple Token Service (STS). These keys are temporary and expire.


          Managing Access Keys for Your AWS Account Root User



          Managing Access Keys for IAM Users



          Revoking IAM Role Temporary Security Credentials






          share|improve this answer


























          • Thanks, so we can't disable all the access keys but only those we know is exposed right? Is there any disable for all access keys of an account?

            – John Jai
            Jan 1 at 1:55






          • 2





            You must disable access keys one at a time. There is no "global" disable or delete for access keys. TIP: You should not be creating access keys that have access to everything in your account. You should be using Least Privilege to only issue access keys with the privileges they need. If your programs are running in the cloud, don't use access keys at all and instead use IAM Roles.

            – John Hanley
            Jan 1 at 2:01











          • Thanks, that answers my original question - no "global" disable. And that's a great tip. Can you please edit your answer to include this statement, so I can mark it as accepted?

            – John Jai
            Jan 1 at 2:18













          • @JohnJai - Updated my answer with your suggestion.

            – John Hanley
            Jan 1 at 2:31
















          3












          3








          3







          You can disable or delete an Access Key. You must disable access keys one at a time. There is no "global" disable or delete for access keys.



          There are several types of Access Keys:




          1. AWS Root User Access Keys. You should not be using these keys. If you are, issue IAM User Access Keys and delete the root keys.

          2. IAM User Access Keys. These are the key types that you should use for normal access.

          3. Temporary Access Keys. These keys are generated by Roles or Simple Token Service (STS). These keys are temporary and expire.


          Managing Access Keys for Your AWS Account Root User



          Managing Access Keys for IAM Users



          Revoking IAM Role Temporary Security Credentials






          share|improve this answer















          You can disable or delete an Access Key. You must disable access keys one at a time. There is no "global" disable or delete for access keys.



          There are several types of Access Keys:




          1. AWS Root User Access Keys. You should not be using these keys. If you are, issue IAM User Access Keys and delete the root keys.

          2. IAM User Access Keys. These are the key types that you should use for normal access.

          3. Temporary Access Keys. These keys are generated by Roles or Simple Token Service (STS). These keys are temporary and expire.


          Managing Access Keys for Your AWS Account Root User



          Managing Access Keys for IAM Users



          Revoking IAM Role Temporary Security Credentials







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Jan 1 at 2:30

























          answered Jan 1 at 1:49









          John HanleyJohn Hanley

          16.1k2629




          16.1k2629













          • Thanks, so we can't disable all the access keys but only those we know is exposed right? Is there any disable for all access keys of an account?

            – John Jai
            Jan 1 at 1:55






          • 2





            You must disable access keys one at a time. There is no "global" disable or delete for access keys. TIP: You should not be creating access keys that have access to everything in your account. You should be using Least Privilege to only issue access keys with the privileges they need. If your programs are running in the cloud, don't use access keys at all and instead use IAM Roles.

            – John Hanley
            Jan 1 at 2:01











          • Thanks, that answers my original question - no "global" disable. And that's a great tip. Can you please edit your answer to include this statement, so I can mark it as accepted?

            – John Jai
            Jan 1 at 2:18













          • @JohnJai - Updated my answer with your suggestion.

            – John Hanley
            Jan 1 at 2:31





















          • Thanks, so we can't disable all the access keys but only those we know is exposed right? Is there any disable for all access keys of an account?

            – John Jai
            Jan 1 at 1:55






          • 2





            You must disable access keys one at a time. There is no "global" disable or delete for access keys. TIP: You should not be creating access keys that have access to everything in your account. You should be using Least Privilege to only issue access keys with the privileges they need. If your programs are running in the cloud, don't use access keys at all and instead use IAM Roles.

            – John Hanley
            Jan 1 at 2:01











          • Thanks, that answers my original question - no "global" disable. And that's a great tip. Can you please edit your answer to include this statement, so I can mark it as accepted?

            – John Jai
            Jan 1 at 2:18













          • @JohnJai - Updated my answer with your suggestion.

            – John Hanley
            Jan 1 at 2:31



















          Thanks, so we can't disable all the access keys but only those we know is exposed right? Is there any disable for all access keys of an account?

          – John Jai
          Jan 1 at 1:55





          Thanks, so we can't disable all the access keys but only those we know is exposed right? Is there any disable for all access keys of an account?

          – John Jai
          Jan 1 at 1:55




          2




          2





          You must disable access keys one at a time. There is no "global" disable or delete for access keys. TIP: You should not be creating access keys that have access to everything in your account. You should be using Least Privilege to only issue access keys with the privileges they need. If your programs are running in the cloud, don't use access keys at all and instead use IAM Roles.

          – John Hanley
          Jan 1 at 2:01





          You must disable access keys one at a time. There is no "global" disable or delete for access keys. TIP: You should not be creating access keys that have access to everything in your account. You should be using Least Privilege to only issue access keys with the privileges they need. If your programs are running in the cloud, don't use access keys at all and instead use IAM Roles.

          – John Hanley
          Jan 1 at 2:01













          Thanks, that answers my original question - no "global" disable. And that's a great tip. Can you please edit your answer to include this statement, so I can mark it as accepted?

          – John Jai
          Jan 1 at 2:18







          Thanks, that answers my original question - no "global" disable. And that's a great tip. Can you please edit your answer to include this statement, so I can mark it as accepted?

          – John Jai
          Jan 1 at 2:18















          @JohnJai - Updated my answer with your suggestion.

          – John Hanley
          Jan 1 at 2:31







          @JohnJai - Updated my answer with your suggestion.

          – John Hanley
          Jan 1 at 2:31






















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Stack Overflow!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53992484%2fdisable-programmatic-access-to-aws%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          Mossoró

          Image
            Nota: Para outros significados, veja Mossoró (desambiguação). Município de Mossoró "Capital do Oeste Potiguar" [ 1 ] "Capital nacional do Semiárido" [ 2 ] [ 3 ] "Capital Cultural do Rio Grande do Norte" [ 1 ] "Terra de Santa Luzia" [ 4 ] "Terra do Sol, do Sal e do Petróleo" [ 5 ] "Terra da Liberdade [ 6 ] " Centro de Mossoró, com a Praça Vigário Antônio Joaquim e, ao fundo, a câmara municipal de vereadores (esquerda) e Catedral de Santa Luzia (direita) Bandeira Brasão Hino Fundação 15 de março de 1852 (166 anos) Gentílico mossoroense Padroeiro(a) Santa Luzia Prefeito(a) Rosalba Ciarlini Rosado (PP) (2017 – 2020 ) Localização Localização de Mossoró no Rio Grande do Norte Mossoró Localização de Mossoró no Brasil 05° 11' 16" S 37° 20' 38" O 05° 11' 16" S 37° 20' 38" O Unidade federativa Rio Grande do No...
          Read more

          Error while reading .h5 file using the rhdf5 package in R

          Image
          0 I'm importing a .h5 file into R by using the rhdf5 package. But a warning message showed and I found the DATE_TIME column of my data is NA when I view the imported file. Warning message: In H5Dread(h5dataset = h5dataset, h5spaceFile = h5spaceFile, h5spaceMem = h5spaceMem, : h5read for type 'TIME' not yet implemented. Values replaced by NA's. It's all normal when I use Vitables (Python) to open the .h5 file. But the DATE_TIME column is NA with HDFViewer open it. My code is: library(rhdf5) test <- h5read("mytestdata.h5", "/results") View(mydatatest) I want to use R to open .h5 file. Please give me some help! Thanks in advance! r hdf5 rhdf5 ...
          Read more

          Pushsharp Apns notification error: 'InvalidToken'

          Image
          1 1 I am currently working on automatic updates for Passbook (wallet) tickets and am experiencing some trouble using the Pushsharp library by Redth. I am using a Push notification certificate from the apple developer portal. I have tried to export my certificate as .p12, .pem and tried to use only the private key as .12 or .pem but nothing works. This is my full certificate (information is blanked out for security reasons): https://cdn.pbrd.co/images/HUJtb7b.png I dont have enough reputation to post images so a link is all i can provide. var succeeded = 0; var failed = 0; var attempted = 0; var config = new ApnsConfiguration(ApnsConfiguration.ApnsServerEnvironment.Sandbox, ConfigManager.CertPath + "PushCertificateV2.p12", ConfigManager.lvppass, fa...
          Read more