Versions Compared

Old Version 1

changes.mady.by.user Former user

Saved on

compared with

New Version 2

changes.mady.by.user Eddie Rubeiz

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Find out where the key is used.
    1. Ansible's group_vars/vault has most of the keys and you can then rapidly search to see where they are used
    2. Capistrano's aws_credential file is another spot
    3. Local server(s) with access to AWS resources are also a place to look (dubnium, and cloudberry)
  2. If the threat assessment shows you do not need to risk downtime
    1. In IAM (https://console.aws.amazon.com/iam/home?region=us-east-1#/users ) go to the affected key and the Security Credentials tab
    2. Generate a new Access Key
    3. Download/save the access key CSV to share as needed
    4. Update the access key (may require running ansible updates after editing the vault file or changing server config files)
    5. Check that the old access key(s) are removed
    6. Set the old access keys to inactive with the Make Inactive link, which disables them. They can easily be reactivated if a problem occurs.
    7. Check that service functions normally
    8. Delete the old access keys.
  3. If the threat assessment shows that we can risk downtime, first disable the affected key.
    1. If a production server will be broken, set maintenance mode or a downtime server to let users know service is disrupted.
    2. Then follow steps under 2.