Turbot now supports user managed AWS access keys, allowing users to create, rotate, and delete access keys from the Turbot console for each of their accounts. Access keys were previously only available for service users, adding overhead when needing to use the AWS CLI and other tools that leveraged access keys.

Managing Access Keys

Before users can begin creating access keys from the Turbot console, the “Turbot

AWS Users > Access Keys Enabled” option will need to be Enabled:

Access Keys Enabled Option

The user will need to have an IAM user in the account, else the create option will be disabled (the AWS login button is also disabled):

Access Keys Diabled

To create a key, click Create (+):

Create Access Key

A modal will appear with the AWS username, access key ID, and secret access key:

Create Access Key Modal

After a key has been created, the access key ID will be displayed, along with the options to rotate or delete the key:

Access Key Display

Expiring Access Keys

Access keys can also be set to expire through the “Turbot > AWS Users > Access Key Expiration Days” option:

Access Key Expiration Option

Expired keys will be struck-through on the Turbot console and automatically be deactivated to prevent further use:

Expired Access Key

Turbot recommends setting a short expiration period to enforce frequent rotations as a security best practice.