Tuesday, September 1, 2009

AWS: Two Account Credentials

Amazon Web Services (AWS) now allows each AWS account to have two credentials. In other words, one AWS account can have two active Access Key ID and Secret Access Key pairs.

Do not confuse this feature with yesterday's announcement by AWS on Multi-Factor Authentication (MFA) which is similar to a SecurID fob.

Two AWS Account Credentials
AWS supports multiple concurrent access keys. This allows you to rotate keys without impact to your applications' availability. AWS recommends that you rotate keys on a regular basis. To rotate keys, create a new key below, update your applications to use the new key, and then deactivate/delete the original key.

You are allowed two access keys at any point in time, and the keys may be in the following states:

So What?
This new feature can ensure a smooth transition when rotating your keys. In the past, when you created new credentials it overwrote your old credentials. You were out of luck if you missed an application or web service that was using the old credentials. Now, you can create new credentials and update your apps. If you notice an app no longer working when you click "Make Inactive" then you can reactivate the old credentials while you fix the problem.

You can find more details when you access your AWS security credentials.

Twitter Redirects: Nice and Clean

Twitter's website begin counting clicks inside of tweets. Obviously, they do this to track stats, i.e. how many people click on links from the Twitter web site.

The interesting thing is that they're passing on the simple referrer that you'd expect. In other words, instead of the referrer looking like:


It simply looks like:

This is very clean for link tracking websites like Adjix which track clicks by IP address and referrer:

Update: Just discovered a clear downside - when the Twitter website is slow, clicking on these links are painfully slow since you have to first be redirected by Twitter's servers.