The Infisical AWS IAM dynamic secret allows you to generate AWS IAM Users on demand based on a configured AWS policy. Infisical supports several authentication methods to connect to your AWS account, including assuming an IAM Role, using IAM Roles for Service Accounts (IRSA) on EKS, or static Access Keys.

Prerequisite

Infisical needs an AWS IAM principal (a user or a role) with the required permissions to create and manage other IAM users. This principal will be responsible for the lifecycle of the dynamically generated users.
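Because this principal can create users and attach policies to them, its own policy is worth checking before it is connected. The following is an added example, not Infisical's code or its documented policy: a Python check that flags user-management grants that are not limited to a dedicated user path or do not require a permissions boundary. The `/infisical/` path, boundary policy name, account ID and the set of actions treated as sensitive are assumptions made for the example.

```python
from fnmatch import fnmatchcase

# Actions that create a user or change what a user may do (chosen for this example).
SENSITIVE = {"iam:CreateUser", "iam:AttachUserPolicy", "iam:PutUserPolicy"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def lint_policy(policy):
    """Return sorted findings for Allow statements that grant user management too broadly."""
    findings = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        patterns = [p.lower() for p in _as_list(stmt.get("Action", []))]
        granted = sorted(a for a in SENSITIVE
                         if any(fnmatchcase(a.lower(), p) for p in patterns))
        if not granted:
            continue
        sid = stmt.get("Sid", "<no Sid>")
        # Check 1: the statement should only reach users under a dedicated path.
        for res in _as_list(stmt.get("Resource", [])):
            if res == "*" or res.endswith(":user/*"):
                findings.add(f"{sid}: user management allowed on every user ({res})")
        # Check 2: creation and policy changes should require a permissions boundary.
        keys = {k.lower() for op in stmt.get("Condition", {}).values() for k in op}
        if "iam:permissionsboundary" not in keys:
            findings.add(f"{sid}: no iam:PermissionsBoundary condition on {granted}")
    return sorted(findings)

# Constructed sample policies (account ID, path and boundary name are placeholders).
USERS = "arn:aws:iam::123456789012:user/infisical/*"
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ManageUsers", "Effect": "Allow", "Action": "iam:*", "Resource": "*"}]}
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Sid": "CreateBoundedUsers", "Effect": "Allow",
     "Action": ["iam:CreateUser", "iam:AttachUserPolicy", "iam:PutUserPolicy"],
     "Resource": USERS,
     "Condition": {"StringEquals": {"iam:PermissionsBoundary":
                   "arn:aws:iam::123456789012:policy/infisical-boundary"}}},
    {"Sid": "UserLifecycle", "Effect": "Allow",
     "Action": ["iam:DeleteUser", "iam:CreateAccessKey", "iam:DeleteAccessKey"],
     "Resource": USERS}]}

if __name__ == "__main__":
    for name, pol in (("BROAD", BROAD), ("SCOPED", SCOPED)):
        print(name, lint_policy(pol) or "no findings")
```

The check reads only `Action`, `Resource` and `Condition` on `Allow` statements; policies that use `NotAction` or `NotResource` need manual review.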

Set up Dynamic Secrets with AWS IAM

Audit or Revoke Leases

Once you have created one or more leases, you will be able to access them by clicking on the respective dynamic secret item on the dashboard. This will allow you to see the lease details and delete the lease ahead of its expiration time.

Renew Leases

To extend the life of the generated dynamic secret lease past its initial time to live, simply click on the Renew button as illustrated below.

Lease renewals cannot exceed the maximum TTL set when configuring the dynamic secret.