AWS access key and secret in favor of IAM roles for Reltio-owned resources
Learn about the upcoming deprecation of AWS access key and secret authentication and the transition to IAM AssumeRole-based authentication.
What are we deprecating?
We are deprecating the use of AWS access key and secret authentication for accessing our services. Instead, you should authenticate with IAM roles using AssumeRole, which provides temporary security credentials and eliminate the risks associated with long-lived access keys.
Why are we deprecating it?
Best practices on cross-account AWS authentication highlights the security risks of long-term access keys and recommends IAM roles as the best practice for secure authentication. IAM roles provide temporary credentials that are automatically rotated, reducing the likelihood of credential leakage and unauthorized access. This transition enhances the security and resilience of the Reltio Data Cloud.
When are we deprecating it?
We are notifying you in advance that AWS access key and secret authentication will be deprecated in the future. While we have not set a specific end date, we strongly recommend beginning the transition to IAM roles as soon as possible to ensure a smooth migration.
What does this mean to you?
If you are currently using AWS access key and secret authentication to access a Reltio service, you should begin transitioning to IAM role-based authentication. This change ensures compliance with AWS security best practices and improves the security of your integrations.
What action do you need to take?
- For customers using AWS access key and secrets to access Reltio-owned AWS resources
- Update your authentication mechanism to use IAM role-based authentication. Ensure that your applications can assume the necessary IAM roles for accessing Reltio services. For guidance, see
- Export service: Secure export AWS authentication
- Match service: External match API - AWS
- Data streaming: Add an external queue configuration
- Life Cycle Actions with AWS Lambda: Access with IAM Role
- For customers already using IAM roles
- No action is required. You are already following the AWS recommended approach.
Still have questions?
Contact a supportive person if you need assistance transitioning to IAM roles or have specific questions about how this change impacts your environment.