beginner | aws | iam | security | ~10 min | 4 rounds

Access Keys Are Hardcoded on the EC2 Box. Just Rotate Them?

An app on EC2 authenticates to AWS with long-lived IAM user keys in a config file. One leaked. Defend the real fix.

the decision you defend

Your app on EC2 talks to AWS using long-lived IAM user access keys stored in a config file on the instance, and one set just leaked. A teammate says generate new keys and paste them in. Do you agree, and what should you do instead?

the situation

Your application runs on EC2 and calls AWS services using an access key ID and secret access key stored in a config file on the instance. Those keys just turned up somewhere they should not have, so they are considered leaked.

context

The keys belong to an IAM user created long ago for this app. They have broad permissions and have never been rotated. A teammate wants to deactivate the leaked pair, create a new access key, drop it into the same config file, and move on. The instance currently allows IMDSv1.

How this challenge works

Take a position on the decision above and defend it. A senior-engineer AI will push back over up to 4 rounds. When you are done, you are scored against a verified rubric so you can see exactly what a complete answer covers - these are learning prompts, not gotchas.