2 Answers
- Newest
- Most votes
- Most comments
2
Because access keys are programmatically generated and are random they are less easily guessed. So that's a start. And it is strongly encouraged that customers don't use long-lived credentials (another difference from passwords). When you use (for example) EC2 instances or Lambda functions the credentials used are rotated automatically meaning that if they are compromised they can only be used for a short period of time.
1
I suggest you take a look at this document - https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html
to better understand how AWS CLI and AWS SDKs secure the request using request signing when calling AWS APIs through the command-line or programmatically.
Relevant content
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago