This week was very exciting at AWS re:Invent. There were many, many new services announced. One new service that was announced is called AWS Transfer for SFTP. AWS Transfer for SFTP allows you to setup a managed SFTP server which will upload and download files to Amazon S3, using the SFTP protocol. This is a great way to transfer files in to and out of Amazon S3 using standard tools.

Last week, AWS announced a fantastic new feature for AWS CloudFormation, CloudFormation Drift Detection. Drift detection allows you to determine whether the AWS resources controlled by your CloudFormation stacks have drifted from their original configuration. This can happen if you manually adjust properties of your AWS resources. Today, we’re excited to announce a new action to report on your CloudFormation drifted stacks: CloudFormation Stack Drift Report.

Still referencing Best Practices for Managing AWS Access Keys, best practices recommends that root access keys are never used and should be completely removed from your AWS account. Instead, IAM users with limited permissions should be used. In fact, Skeddly even prevents root access keys from being registered with Skeddly. We always recommend using IAM third-party roles, however, access keys can still be used. And we only allow IAM user access keys to be registered.

According to Best Practices for Managing AWS Access Keys, if you must utilize IAM access keys, it is best to remove or disable unused keys. This will close possible security holes in your AWS account. Today, we’re happy to announce a new action to help with this task: Disable Unused IAM Access Keys. This new action will iterate through the IAM users in your AWS account, determine when any access keys were last used, and if they were not used inside a configurable threshold, disable the keys.