How are Access Keys more secure than a username and password?

Question

I'm preparing to sit the Cloud Practitioner certification.  I have a CCNA and some experience in Network Administration however I do not have a computer science qualification.

I'm confused as to how Access Keys add to the security of access AWS resources.  The documentation reads: 
> When you use AWS programmatically, you provide your AWS access keys so that AWS can verify your identity in programmatic calls. Your access keys consist of an access key ID (for example, AKIAIOSFODNN7EXAMPLE) and a secret access key (for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY).

How is a human or non-human user passing Access Keys more secure than passing Username and Password to access resources?  It appears (in my ignorance) to add an unnecessary layer of complexity.  Surely there is a logical reason, but I can't seem to identify it.

Answer

Because access keys are programmatically generated and are random they are less easily guessed. So that's a start. And it is strongly encouraged that customers don't use long-lived credentials (another difference from passwords). When you use (for example) EC2 instances or Lambda functions the credentials used are rotated automatically meaning that if they are compromised they can only be used for a short period of time.

Answer

I suggest you take a look at this document - https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html

to better understand how AWS CLI and AWS SDKs secure the request using request signing when calling AWS APIs through the command-line or programmatically.

How are Access Keys more secure than a username and password?

相关内容