Important warnings and guidance for credentials
Warnings for credentials
- Do NOT use your account's root credentials to access Amazon resources. These credentials provide unrestricted account access and are difficult to revoke.
- Do NOT put literal access keys in your application files. If you do, you create a risk of accidentally exposing your credentials if, for example, you upload the project to a public repository.
- Do NOT include files that contain credentials in your project area.
- Be aware that credentials in the shared Amazon credentials file, one of the credential-storage mechanisms, are stored in plaintext.
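
A pre-commit style check for the warnings above about literal access keys and credential files in the project area, added here as an example and not part of the original guidance or any Amazon tooling. It assumes access key IDs in their currently issued 20-character form and the `aws_access_key_id` / `aws_secret_access_key` key names of the shared credentials file; `make_client` and the skipped directory names are hypothetical.

```python
import re
from pathlib import Path

# Assumed ID format: AKIA (long-term) or ASIA (temporary) + 16 uppercase letters/digits.
KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")
# Key names used by the shared credentials file format.
CRED_LINE = re.compile(r"^\s*(aws_access_key_id|aws_secret_access_key)\s*=\s*\S+", re.I)
SKIP_DIRS = {".git", "node_modules", "bin", "obj"}  # assumed VCS/build directories


def scan_text(text):
    """Return (line_number, reason) for each suspicious line in text."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if KEY_ID.search(line):
            findings.append((n, "literal access key ID"))
        elif CRED_LINE.match(line):
            findings.append((n, "credentials-file entry"))
    return findings


def scan_project(root):
    """Walk root and return {relative_path: findings} for files with hits."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or SKIP_DIRS & set(path.relative_to(root).parts):
            continue
        try:
            text = path.read_text(encoding="utf-8")
        except (UnicodeDecodeError, OSError):
            continue  # binary or unreadable file
        hits = scan_text(text)
        if hits:
            report[str(path.relative_to(root))] = hits
    return report


# Constructed sample (make_client is hypothetical); the key values are the
# well-known placeholders from Amazon's documentation, not real credentials.
SAMPLE = '''client = make_client(
    access_key="AKIAIOSFODNN7EXAMPLE",
)
[default]
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
region = cn-north-1
'''

if __name__ == "__main__":
    for n, reason in scan_text(SAMPLE):
        print(f"line {n}: {reason}")
```

Run `scan_project(".")` before a commit or upload and treat a non-empty report as a reason to stop; a secret access key on its own has no fixed prefix, so only its credentials-file form is matched here.
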
Additional guidance for securely managing credentials
For a general discussion of how to securely manage Amazon credentials, see Best practices for managing Amazon access keys in the Amazon General Reference. In addition to that discussion, consider the following:
- Create IAM users and use their credentials instead of using your Amazon root user. IAM user credentials can be revoked if necessary. In addition, you can apply a policy to each IAM user for access to certain resources and actions.
- Use IAM roles for tasks for Amazon Elastic Container Service (Amazon ECS) tasks.
- Use IAM roles for applications that are running on Amazon EC2 instances.
- Use temporary credentials or environment variables for applications that are available to users outside your organization.