Bear in mind that probably as many AWS accounts are popped by losing access keys... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		tptacek on Sept 26, 2018 \| parent \| context \| favorite \| on: AWS now supports U2F/Yubikeys Bear in mind that probably as many AWS accounts are popped by losing access keys as IAM logins (if you're logging in to the root account, stop doing that). For the access keys, you should look into things like aws-vault, which wrap the STS so that your shell is only ever handling temporary session-bound keys.

atonse on Sept 26, 2018 | [–]

Wow aws-vault looks awesome. Something I badly need so I can clear out my ~/.aws/credentials file.

Thanks for the tip.

jiveturkey on Sept 26, 2018 | [–]

Hadn’t heard of aws-vault, awesome! egg on my face as i consider myself an expert

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact