Use Temporary Credentials for Apps Running on EC2 Virtual Machines

KNNX Corp.
6 min read · Apr 28, 2021


To use AWS services in their projects, developers generally use the AWS SDK or the AWS CLI. For these, an admin creates an IAM user with programmatic access and then shares the resulting credentials with the developer.

These credentials consist of an access key ID and a secret access key. As developers at DLT Labs, we use these credentials to sign API requests, which lets AWS verify the user’s identity in API calls.

What happens if our credentials get exposed?

Anyone holding our credentials would have the same level of access to AWS resources that we have.

Credential management and security have always been a high priority at DLT Labs. Working with various cloud providers in my software engineering role here, I learned some best practices surrounding the use of credentials in an application.

A few techniques that can help us protect our credentials

  1. Don’t use the root user’s credentials in the application. For long-term access, always supply the IAM user’s access key ID and secret access key as environment variables
  2. Rotate the IAM user’s keys regularly
  3. Use temporary credentials for short-term access
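
The three techniques above can be checked mechanically. The following is an added example, not code from the original article: it audits a constructed sample laid out like an IAM credential report for active root keys and stale user keys, and classifies a key ID as long-term (`AKIA` prefix) or temporary (`ASIA` prefix). The 90-day rotation limit, the user names and the dates are assumptions made for illustration.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample in the column layout of an IAM credential report
# (only the columns this check reads; users and dates are made up).
SAMPLE_REPORT = """user,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,true,2020-01-15T09:00:00+00:00,false,N/A
app-deployer,true,2020-11-02T12:30:00+00:00,false,N/A
ci-runner,true,2021-04-01T08:00:00+00:00,true,2020-06-10T08:00:00+00:00
auditor,false,N/A,false,N/A
"""

MAX_KEY_AGE_DAYS = 90  # assumed rotation policy; the article gives no number


def audit_keys(report_csv, now, max_age_days=MAX_KEY_AGE_DAYS):
    """Return (user, key_slot, reason) findings for active long-term keys."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in ("1", "2"):
            if row[f"access_key_{slot}_active"] != "true":
                continue  # inactive or absent keys carry no exposure
            if row["user"] == "<root_account>":
                # Technique 1: the root user should have no access keys at all.
                findings.append((row["user"], slot, "root access key is active"))
                continue
            # Technique 2: flag keys that have outlived the rotation window.
            rotated = datetime.fromisoformat(row[f"access_key_{slot}_last_rotated"])
            age = (now - rotated).days
            if age > max_age_days:
                findings.append((row["user"], slot, f"key is {age} days old"))
    return findings


def key_kind(access_key_id):
    """Technique 3: IAM user keys start with AKIA, temporary STS keys with ASIA."""
    return {"AKIA": "long-term", "ASIA": "temporary"}.get(access_key_id[:4], "unknown")


if __name__ == "__main__":
    as_of = datetime(2021, 4, 28, tzinfo=timezone.utc)
    for finding in audit_keys(SAMPLE_REPORT, as_of):
        print(finding)
```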
