Rotate AWS Access Keys

Overview

Rotating access keys on a regular basis is a security best practice. We require that you rotate the access keys for your Simon Data hosted S3 bucket via the CLI.

You'll receive an automated email when keys are nearing expiration, reminding you to rotate your keys. If keys aren't rotated by their expiry date, data workflows that you've set up may stop working.

Steps to Rotate Access Keys with Example IAM User, simondata_external

  1. View All Access Key(s)
    aws iam list-access-keys --user-name simondata_example

  2. Create New (Second) Access Key
    aws iam create-access-key --user-name simondata_example

    • Each user can have two access keys max.
    • This command will display two required keys: AccessKeyId and SecretAccessKey.

      🚧 This is the only time the SecretAccessKey will be displayed. Take note of it before exiting.

  3. Update all data workflows with the new access key ID and secret access key

  4. Change the State of Previous Access Key to Inactive
    aws iam update-access-key --access-key-id XXXXXEXAMPLEXXXXX --status Inactive --user-name simondata_example

  5. Validate that all data workflows are working as expected.

  6. Delete the Inactive Access Key
    aws iam delete-access-key --access-key-id XXXXXEXAMPLEXXXXX --user-name simondata_example

    🚧 This action is irreversible.
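
The steps above leave the user in one of a few key states (one active key, two active keys, one active and one inactive), and the state tells you which step comes next. The script below is an added example, not Simon Data's own tooling; the function names and the sample key IDs used to exercise it are assumptions. It reads the key list from step 1 and reports the next step, refusing to name a key to deactivate or delete when the newest key is not the active one.

```bash
#!/bin/sh
# Added example (not Simon Data's tooling): report which rotation step is next.

# Step 1 in machine-readable form: one "KeyId<TAB>Status<TAB>CreateDate" row
# per key. --query and --output are standard AWS CLI global options.
list_keys() {
  aws iam list-access-keys --user-name "$1" \
    --query 'AccessKeyMetadata[].[AccessKeyId,Status,CreateDate]' --output text
}

# Reads those rows on stdin and prints the next action. Exit status 1 means
# the key set is in a state the procedure does not expect.
next_rotation_step() {
  awk -F'\t' '
    NF >= 3 { id[++n] = $1; status[n] = $2; created[n] = $3 }
    END {
      if (n == 0) { print "error: no access keys found"; exit 1 }
      if (n == 1 && status[1] == "Active") { print "step 2: create a second key"; exit 0 }
      if (n == 1) { print "error: only key " id[1] " is Inactive"; exit 1 }
      # Two keys: the older one is being rotated out. IAM reports CreateDate
      # as ISO 8601 UTC, so comparing the strings orders them by time.
      old = ((created[1] "") <= (created[2] "")) ? 1 : 2
      new = 3 - old
      if (status[new] != "Active") {
        print "error: newest key " id[new] " is not Active"; exit 1
      }
      if (status[old] == "Active") { print "step 4: deactivate " id[old] }
      else { print "step 6: delete " id[old] }
    }'
}

# Live use, assuming a configured AWS CLI: rotation_status simondata_example
rotation_status() {
  list_keys "$1" | next_rotation_step
}
```

Before step 4, `aws iam get-access-key-last-used --access-key-id <old key ID>` shows whether any workflow is still using the old key.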

See also the AWS guide for rotating access keys.