AWS Cloudtrail - Access Key IDs Randomly Generated
Requesting for inputs here. I am trying to learn AWS, passed Practitioner. I tried to Google and the max I could find was - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events-console.html
AWS access key
The AWS access key ID that was used to sign the request. If the request was made with temporary security credentials, this is the access key ID of the temporary credentials.
What are those temporary (??) keys?
From Temporary security credentials in IAM - AWS Identity and Access Management:
You can use the AWS Security Token Service (AWS STS) to create and provide trusted users with temporary security credentials that can control access to your AWS resources. Temporary security credentials work almost identically to long-term access key credentials, with the following differences:
- Temporary security credentials are short-term, as the name implies. They can be configured to last for anywhere from a few minutes to several hours. After the credentials expire, AWS no longer recognizes them or allows any kind of access from API requests made with them.
- Temporary security credentials are not stored with the user but are generated dynamically and provided to the user when requested. When (or even before) the temporary security credentials expire, the user can request new credentials, as long as the user requesting them still has permissions to do so.
As a result, temporary credentials have the following advantages over long-term credentials:
- You do not have to distribute or embed long-term AWS security credentials with an application.
- You can provide access to your AWS resources to users without having to define an AWS identity for them. Temporary credentials are the basis for roles and identity federation.
- The temporary security credentials have a limited lifetime, so you do not have to rotate them or explicitly revoke them when they're no longer needed. After temporary security credentials expire, they cannot be reused. You can specify how long the credentials are valid, up to a maximum limit.
Access Keys starting with AKIA are long-term credentials, typically associated with an IAM User.
Access Keys starting with ASIA are temporary credentials created by AWS STS. They also require a session token in addition to the secret key. You will mostly see these when assuming an IAM Role.
- How to assign a role to an iam user?
- Can't connect to ECS service through ALB
- How do I reference a resource created from different module in my current module?
- Aws Workspace Client cannot be opened in Ubuntu - 20.04.6 LTS
- AWS Lambda - How to stop retries when there is a failure
- How Do I get Object URL for Amazon S3 object
- Do different API keys associated on the same usage plan share the same quota limit too?
- S3: Access Denied
- AWS DynamoDB table.query() not working as expected
- Can I programmatically find all untagged resources?
- Terraform doesn't allow to use variable when creating resource. How to go around?
- Multiple Tasks Definition on ECS Service using CloudFormation
- How to calculate the CodeSha256 of aws lambda deployment package before uploading
- Problems using MySQL with AWS Lambda in Python
- EKS Fargate workloads unable to resolve DNS names
- Certbot unable to locate environment variable credentials
- using AWS lambda-docker Error "lambda-entrypoint.sh: exec format error"
- PermanentRedirect error while uploading to S3 bucket with aws-sdk-java
- Container image support for AWS Lambda via cloudformation
- How to get Elastic Container Repository URI from Cloud Formation?
- Design Pattern AWS Batch calling a REST endpoint using cron
- How to configure Query Params in AWS CloudFront
- Athena Query - "NOT IN" slow performance
- S3 PutObject works but List/Delete fails
- How to fix SQL for AWS Athena
- AWS : Deregister UnHealthy IPs from Registered Targets (Target Group) using GitHub action workflow is not working
- How can I recover deleted AWS Lambda code?
- Connecting to AWS EC2 instance using Private Key and Host IP
- Nested Stack can not be assigned a static name in aws cdk v2
- Enable auto-assign public IPv4 address in AWS