AWS IAM Identity Center SCIM API Key rotation

Greetings.

I would like to know how we can rotate the SCIM API key, programmatically, every 90 days. As per our current settings, we don't have the right to delete and recreate the API key via the AWS console. I am thinking of using one of the options

Hashicorp Valut AWS Secret Manager with Lambda.

Please help me by throwing your input, based on your experiences. Have a great day, Thanks, and regards Baskaran Viswanathan

주제

보안, 신원 및 규정 준수

태그

AWS 자격 증명 및 액세스 관리 AWS IAM 자격 증명 센터

언어

English

Baskaran Viswanathan

질문됨 5달 전376회 조회

1개 답변

최신
최다 투표
가장 많은 댓글

이 답변이 도움이 되었나요?커뮤니티가 여러분의 지식을 활용할 수 있도록 정답을 찬성하세요.

Today this is done once a year, and there is no way to automate this to be done every 90 days. Even if you could automate it - SCIM key rotation needs to be done in AWS as well as in the iDP that you are using, so it would not be that straight forward.

You could open a support case, and ask for this to be considered as a feature request.

전문가

Max Clements

답변함 4달 전

전문가

Giovanni Lauria

검토됨 한 달 전

Baskaran Viswanathan
4달 전
Thank you so much for your reply. Currently it supports 2 key. But i would like to delete and generate the keys and store/update it in one of the following

Secrets Manager

KMS

AWS Context

Harshicorp Vault Even if it cannot be automatted programmatically, we have to be regenerated manually and then updated the above mentioned services, Correct. Also there is API for the SCIM API access.

Please let me know, if any of my comments make sense, Thank you so much for your help, time and support

Have a great day Thanks and regards Baskaran Viswanathan

AWS IAM Identity Center SCIM API Key rotation

관련 콘텐츠