- 최신
- 최다 투표
- 가장 많은 댓글
This is not possible today. You must create a new api key and delete the old one. The new key will start it's quota value at 0.
Remember that API keys are not designed to be an auth mechanism, but used to provide access to developer portals, or throttling based on an associated usage plan. See Best practices for API keys and usage plans.
Don't rely on API keys as your only means of authentication and authorization for your APIs. If you have multiple APIs in a usage plan, a user with a valid API key for one API in that usage plan can access all APIs in that usage plan. Instead, use an IAM role, a Lambda authorizer, or an Amazon Cognito user pool.
As api keys are primarily used for throttling purposes you can set the key dynamically using a Lambda authorizer which had the benefit of not distributing new keys to the client. You can therefore fully automate the rotation process.
관련 콘텐츠
- AWS 공식업데이트됨 2년 전