- Two access keys may be held per user for the purpose of renewing access keys without disrupting the customer's application.
- One access key consists of AccessKeyID (20 characters) and SecretKey (40 characters).
- The access key must never be exposed to the outside.
- For security, it is recommended to periodically change the access key.
- Access key replacement
- Create a new key with the CreateAccessKey API.
- Update the application to use the new access key.
- Call the GetAccessKeyLastUsed API to see if the old access key is still in use.
- If it is confirmed by step 3 that the old key is not currently in use, the old key is changed to an “inactive” state with UpdateAccessKey API.
- Use only the new access key to verify that the application works.
- After waiting for a certain period of time, the DeleteAccessKey API is called to delete the old access key.