1. The Danger of Static Keys
IAM User Access Keys are permanent until manually deleted or rotated. This makes them a prime target for attackers. Leaked keys are the number one cause of cloud data breaches and unauthorized cryptomining.
2. The Magic of STS
IAM Roles rely on the AWS Security Token Service (STS). When an entity assumes a role, STS dynamically generates temporary security credentials (an Access Key, Secret Key, and a Session Token) that automatically expire.
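
The difference between the two credential types is visible in a credentials file, so it can be audited. The following is an added example, not code from the original page: it flags profiles that hold long-term IAM user keys and those that hold STS temporary credentials. It relies on AWS's documented key ID prefixes (AKIA for long-term access keys, ASIA for temporary STS keys). The function names and the sample file are constructed for illustration.

```python
import configparser

# Constructed sample in ~/.aws/credentials format; all values are placeholders.
SAMPLE = """\
[ci-deploy]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

[assumed-role]
aws_access_key_id = ASIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
aws_session_token = FwoGZXIvYXdzEXAMPLETOKEN

[broken]
aws_access_key_id = ASIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
"""


def classify(profile):
    """Classify one profile by key ID prefix and presence of a session token."""
    key_id = profile.get("aws_access_key_id", "")
    has_token = bool(profile.get("aws_session_token", ""))
    if key_id.startswith("AKIA"):
        # Long-term IAM user key: valid until someone deletes or rotates it.
        return "static"
    if key_id.startswith("ASIA"):
        # STS key: only usable together with its session token, and it expires.
        return "temporary" if has_token else "incomplete"
    return "unknown"


def audit(text):
    """Return {profile name: classification} for a credentials file's text."""
    # interpolation=None so a '%' inside a secret is not treated as a template.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return {name: classify(parser[name]) for name in parser.sections()}


if __name__ == "__main__":
    for name, kind in audit(SAMPLE).items():
        print(f"{name}: {kind}")
```

Profiles reported as static are the ones to replace with role assumption or, at minimum, to put on a rotation schedule.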
