AWS IAM : change Access Key Id the from root to IAM

1
votes

I have a question,

I use elastic beanstalk to deploy python django

when eb init I use the root Access Key Id & Secret Access Key to create the instance

and recently I read the document about IAM

I create a IAM user with Access Key Id , Secret Access Key

But my english is not well.

Is it means I should use this IAM create elastic beanstalk instance for security??

If it's true,how can I change the insctance I created with root Secret Access Key to IAM Secret Access Key on my terminal??

Please guide me Thank you

1
pythondjangoamazon-web-services

1 Answers

1
votes

should I use this IAM user to create the elastic beanstalk instance for security?

No. Once the box is created, it does not matter what keys were used to create the box.

In the future, it's best if you remove the root keys and only use IAM keys.

If the program on your box needs AWS credentials: you should NOT put your AWS root key/secret on the box. Do one of these:

1) Create an IAM user with restricted permissions. Create keys for that user, and put those keys on the box.

2) Create an IAM Role and use that Role to get keys. This adds security, since the keys expire after a while. Your program must ask for fresh keys every few hours, but this is built-in to some libraries.