LazyStack

Rotate Keys

It is best practice to rotate your AWS CLI Profile keys and GitHub Personal Access Tokens periodically.

AWS CLI Profile Keys

For each organization, LazyStack SMF creates multiple AWS CLI Named Profiles but only the OrgMgmt account named profile has an aws_secret_access_key. You should rotate this key periodically using these AWS instructions.

GitHub Personal Access Tokens

To update a Personal Access Token you need to:

  1. Log into your GitHub personal account.
  2. Click on the user profile icon in the upper right of the page. The user profile menu appears.
  3. Select the Settings menu item. The "personal account page" appears.
  4. Select "Developer Settings" from the left hand menu. The "Developer Settings" page appears.
  5. Select "Personal access tokens" from the left hand menu. The "Personal access tokens" page appears.
  6. Generate Admin Account PAT
    1. Click on the Generate new token button. The "Confirm access" page appears. Note: GitHub may request your password at this point, provide it if requested. The "New personal access token" page appears"
    2. Enter a descriptive note, ex: "New Git Admin Access".
    3. Check the "repo" option.
    4. Check the "admin:repo_hook" option.
    5. Click the "Generate token" button. The generated token is displayed.
    6. Copy this token and replace the existing one in the "GitAdminToken.pat" file in the LazyStackSettings folder.
  7. Generate CodeBuild Account PAT
    1. Click on the Generate new token button. The "Confirm access" page appears. Note: GitHub may request your password at this point, provide it if requested. The "New personal access token" page appears"
    2. Enter a descriptive note, ex: "New AWS CodeBuild Access".
    3. Check the "repo" option.
    4. Check the "admin:repo_hook" option.
    5. Click the "Generate token" button. The generated token is displayed.
    6. Copy this token and replace the existing one in the "GitCodeBuildToken.pat" file in the LazyStackSettings folder.

  8. CD into the LazyStackSettings folder and run:
    ..\LazyStackSMF\LzConfigure.ps1

  9. Back in the GitHub console, delete the old Personal Access Tokens.

  10. Sign out of the GitHub account.