By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Advantages of "Access key ID & Secret access key" over "Username and password"

1

I understand in AWS, "Access key ID & Secret access key" is similar to "Username and password".

While using/configuring CLI, "Access key ID & Secret access key" is saved in "credentials" file. So it is similar to saving "Username and password" in a plain text file.

In CLI, technically we can use only "Access key ID & Secret access key", but not "Username and password".

Apart from this, is there any advantages exists of using "Access key ID & Secret access key" over "Username and password" ?

Topics
Security, Identity, & ComplianceAWS Well-Architected FrameworkManagement & Governance
Tags
AWS Identity and Access ManagementSecurityAWS Account Management
Language
English
Boopalan
asked 2 years ago2603 views
4 Answers
5

Access keys are long-term credentials for an IAM user. You can use access keys to sign programmatic requests to the AWS CLI or AWS API (directly or using the AWS SDK).

As a best practice, use temporary security credentials (IAM roles) instead of access keys. Please refer to section "Use IAM roles instead of long-term access keys" in the following link for more details: https://docs.aws.amazon.com/general/latest/gr/aws-access-keys-best-practices.html

AWS
Irfan_S
answered 2 years ago
1

It is a matter of what kind of access is needed. AWS requires different types of security credentials depending on how you access AWS. For example, you need a user name and password to sign in to the AWS Management Console and you need access keys to make programmatic calls to AWS or to use the AWS Command Line Interface or AWS Tools for PowerShell.

Additionally, You can also create and use temporary access keys, known as temporary security credentials. In addition to the access key ID and secret access key, temporary security credentials include a security token that you must send to AWS when you use temporary security credentials.

https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys

Hope this helps.

profile pictureAWS
SUPPORT ENGINEER
Chirag_R
answered 2 years ago
0

AWS requires different types of security credentials depending on how you access AWS. The article understanding and getting your AWS credentials explains the various types of credentials and covers username/password and programmatic credentials.

RoB
answered 2 years ago
0

None of the answers really address your question other than saying "it's best practice to use keys instead of username/password". The intuitive response to your actual question is that programmatic access can be more prone to a user mistakenly exposing their access credentials. If that were to happen, the "blast radius" of exposing keys is smaller than exposing the password. Why? Because the keys are only useful for accessing AWS whereas a username/password could potentially be used to access other accounts (even outside AWS) owned by the user — either directly or by social engineering.

AWS
datasith
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content