使用AWS re:Post即您表示您同意 AWS re:Post 使用条款
AWS re:Postre:Post

AWS IAM Identity Center SCIM API Key rotation

0

Greetings.

I would like to know how we can rotate the SCIM API key, programmatically, every 90 days. As per our current settings, we don't have the right to delete and recreate the API key via the AWS console. I am thinking of using one of the options

Hashicorp Valut AWS Secret Manager with Lambda.

Please help me by throwing your input, based on your experiences. Have a great day, Thanks, and regards Baskaran Viswanathan

主题
安全、身份和合规性
标签
AWS 身份和访问权限管理AWS IAM 身份中心
语言
English
Baskaran Viswanathan
已提问 5 个月前375 查看次数
1 回答
0

Today this is done once a year, and there is no way to automate this to be done every 90 days. Even if you could automate it - SCIM key rotation needs to be done in AWS as well as in the iDP that you are using, so it would not be that straight forward.

You could open a support case, and ask for this to be considered as a feature request.

AWS
专家
Max Clements
已回答 4 个月前
profile picture
专家
Giovanni Lauria
已审核 1 个月前
  • Baskaran Viswanathan
    4 个月前

    Thank you so much for your reply. Currently it supports 2 key. But i would like to delete and generate the keys and store/update it in one of the following

    1. Secrets Manager
    2. KMS
    3. AWS Context
    4. Harshicorp Vault Even if it cannot be automatted programmatically, we have to be regenerated manually and then updated the above mentioned services, Correct. Also there is API for the SCIM API access.

    Please let me know, if any of my comments make sense, Thank you so much for your help, time and support

    Have a great day Thanks and regards Baskaran Viswanathan

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则

相关内容