AWS Certified Cloud Practitioner (CLF-C02) — Question 281

Who is responsible for managing IAM user access and secret keys according to the AWS shared responsibility model?

Answer options

• A. IAM access and secret keys are static, so there is no need to rotate them.
• B. The customer is responsible for rotating keys.
• C. AWS will rotate the keys whenever required.
• D. The AWS Support team will rotate keys when requested by the customer.

Correct answer: B

Explanation

Under the AWS shared responsibility model, the customer is responsible for security 'in' the cloud, which includes managing their own IAM users, credentials, and access keys. AWS manages the security 'of' the cloud but does not have access to or control over customer-generated IAM secrets. Therefore, the rotation and lifecycle management of these keys are strictly the customer's duty.