I have a third-party application that is integrated with AWS. It uses a particular User in AWS for the integration, and I have to manually update the access key and secret key in the console of the third-party app when the User's keys are rotated.

I plan to rotate the keys more often, and I am hoping to automate the update of keys in the third-party app.

I believe that I can create a custom CloudWatch event using EventBridge to pick up on changes to the IAM user credentials and trigger a Lambda. However, what I can't figure out is how to collect the updated User access + secret keys so that I can use the third-party app's API to update them.

Is it possible to collect/feed rotated access + secret keys programmatically within a Lambda function?

vile_goat
  • Have you ever considered [assuming a role](https://stackoverflow.com/questions/50082732/what-is-exactly-assume-a-role-in-aws)? – baduker Jun 21 '23 at 09:38
  • You cannot get access to the secret key after it has been created. Who triggers the rotation? That party needs to distribute the new key to every interested party. – luk2302 Jun 21 '23 at 09:44
  • @baduker unfortunately, it seems that it is not possible to assume a role with this third-party service – vile_goat Jun 21 '23 at 12:11

0 Answers
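Following luk2302's comment that the secret key is only available when it is created, one arrangement is for the Lambda to perform the rotation itself (for example on a schedule) and push the new pair to the third-party app. This is an added example, not code from the original post; `push_to_third_party` and the `INTEGRATION_USER` environment variable are assumptions, while the four IAM calls are standard boto3 client methods.

```python
import os


def rotate_and_distribute(iam, user_name, push_to_app):
    """Create a new key for user_name, hand it to push_to_app, retire the old one.

    iam is a boto3 IAM client (or a stand-in exposing the same four methods).
    push_to_app(access_key_id, secret_access_key) is a hypothetical wrapper
    around the third-party app's API and must raise on failure.
    """
    keys = iam.list_access_keys(UserName=user_name)["AccessKeyMetadata"]
    # IAM allows two keys per user, so free a slot before creating a new one.
    if len(keys) >= 2:
        inactive = [k for k in keys if k["Status"] == "Inactive"]
        if not inactive:
            raise RuntimeError("two active keys: resolve manually before rotating")
        iam.delete_access_key(UserName=user_name, AccessKeyId=inactive[0]["AccessKeyId"])
        keys = [k for k in keys if k is not inactive[0]]

    # The secret is only present in this response; it cannot be read back later.
    new = iam.create_access_key(UserName=user_name)["AccessKey"]
    try:
        push_to_app(new["AccessKeyId"], new["SecretAccessKey"])
    except Exception:
        # The app never received the key, so remove it and keep the old one live.
        iam.delete_access_key(UserName=user_name, AccessKeyId=new["AccessKeyId"])
        raise

    # Deactivate rather than delete, so a rollback is possible until the next run.
    for k in keys:
        if k["Status"] == "Active":
            iam.update_access_key(UserName=user_name, AccessKeyId=k["AccessKeyId"], Status="Inactive")
    return new["AccessKeyId"]


def push_to_third_party(access_key_id, secret_access_key):
    # Placeholder (assumption): call the third-party app's credential-update API here.
    raise NotImplementedError("wire this to the third-party app's API")


def lambda_handler(event, context):
    import boto3  # imported here so the module loads without the SDK installed
    user = os.environ["INTEGRATION_USER"]  # assumed environment variable name
    new_id = rotate_and_distribute(boto3.client("iam"), user, push_to_third_party)
    return {"rotated": user, "new_access_key_id": new_id}  # never return or log the secret
```

The function's execution role needs only `iam:ListAccessKeys`, `iam:CreateAccessKey`, `iam:UpdateAccessKey` and `iam:DeleteAccessKey`, scoped to the one integration user's ARN.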