From IAM to “I’m In”: AWS Bedrock Introduces New API Keys

Peleg Cabra, Director of Product Marketing
July 10, 2025


On July 8, 2025, AWS announced API keys for Amazon Bedrock, removing the previous requirement to configure IAM roles or IAM user credentials before calling a model. Developers can now generate an API key directly from the Bedrock console and use it to reach Amazon's generative AI models without any IAM configuration of their own. See AWS's full announcement and the detailed documentation for the specifics.

Why It Matters: Developer Speed vs. Security

For developers this release is a clear win. API keys streamline onboarding and remove the friction of setting up IAM roles or user access policies. AWS provides two types of keys:

  • Short-term keys: valid for up to 12 hours, which makes them the right choice for production workloads that need frequent credential rotation.
  • Long-term keys: an expiration date you choose, including the risky option of no expiration at all; convenient for quick development, a liability in security terms.

However, easier access brings new challenges. These keys are a new type of non-human identity (NHI), and they can sit outside the IAM-centric visibility and control mechanisms most teams rely on. Left unmanaged, they proliferate and end up hardcoded in repositories, logs and CI/CD pipelines. What starts as a convenient shortcut quickly becomes a long-lived exposure.

[Image: Bedrock API keys]

A New Kind of Key, a Familiar Kind of Trouble

Bedrock API keys aren't just another generic token: they grant direct access to generative AI capabilities across multiple large language models. A compromised or leaked key lets an unauthorized actor use those models for their own ends, from unauthorized information disclosure to costly resource misuse. Long-lived, unmanaged keys add vulnerabilities and compliance concerns and become persistent exposures hidden in plain sight.

Our recent Entro Labs research into LLMjacking showed how quickly attackers exploit compromised AWS IAM credentials, often within minutes, to consume generative AI services such as Amazon Bedrock, driving both reputational and financial damage. The new API keys are just as susceptible to LLMjacking: a leaked key is a bearer credential, and anyone who holds it can spend against your account until it is revoked or expires.

[Image: Base64 decoding of a Bedrock API key]

Observation: an interesting property of Amazon Bedrock's new API keys is that the key name is embedded directly in the Base64-encoded token. Decoding the string in the example above reveals the key name BedrockAPIKey-mkut-at-116********, and the 12-digit suffix after -at- is the AWS account ID. Base64 is encoding, not encryption, so the token should never be treated as opaque.

This detail can be leveraged for attribution and enrichment during incident response and detection: a key found in a log, a repository or a ticket can be tied to an account, and from there to an owner, without making a single AWS API call. The decoded name says nothing about whether the key is still valid, so treat it as a lead for revocation, not as proof of impact.
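As an added example (not Entro's product code and not anything published by AWS), the following Python scanner applies the observation above to a constructed CI log: it finds long Base64 runs, decodes them, and extracts the key name and account ID whenever the decoded bytes carry a BedrockAPIKey- name. Beyond what the page states, it assumes that a long-term key is the string ABSK followed by the Base64 of "BedrockAPIKey-<tag>-at-<account-id>:<secret>"; the fake key in the sample is built in code from that assumed layout, and the ordinary AWS secret access key and artifact digest on the neighbouring lines are there to show that unrelated Base64 is not flagged.

```python
"""Discover Amazon Bedrock API keys in text and decode the key name for attribution.

Added example, not Entro's or AWS's code. Assumptions (also marked in comments):
  * a long-term Bedrock API key is "ABSK" followed by the Base64 of
    "BedrockAPIKey-<tag>-at-<12-digit-account-id>:<secret>"; the page only
    states that the key name (with the account ID) is recoverable by decoding
    the token, so the prefix and the ":<secret>" tail are assumptions;
  * the log below is constructed and the key in it is fake.
"""
import base64
import binascii
import re

# Any Base64 run long enough to hold a key name plus a secret. The assumed "ABSK"
# prefix is exactly four Base64 characters, so it decodes to three throw-away
# bytes and leaves the rest of the token aligned; no special handling is needed.
CANDIDATE_RE = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
# Key name layout shown on the page: BedrockAPIKey-<tag>-at-<account id>.
KEY_NAME_RE = re.compile(rb"BedrockAPIKey-([A-Za-z0-9]+)-at-(\d{12})")


def make_fake_key(tag: str, account_id: str, secret: str) -> str:
    """Build a key in the ASSUMED layout for testing. Not a real credential."""
    body = f"BedrockAPIKey-{tag}-at-{account_id}:{secret}".encode()
    return "ABSK" + base64.b64encode(body).decode()


def mask(token: str) -> str:
    """Never copy a discovered secret in full into a ticket, alert or log."""
    return token[:8] + "..." + token[-4:]


def decode_key_name(token: str):
    """Return (key_name, tag, account_id) if the token embeds a Bedrock key name."""
    try:
        raw = base64.b64decode(token + "=" * (-len(token) % 4))
    except (binascii.Error, ValueError):
        return None  # not valid Base64 at all
    m = KEY_NAME_RE.search(raw)
    if not m:
        return None  # valid Base64, but not a Bedrock key
    return m.group(0).decode(), m.group(1).decode(), m.group(2).decode()


def scan_for_bedrock_keys(text: str) -> list:
    """Scan text line by line and report each Bedrock key with attribution data."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for cand in CANDIDATE_RE.findall(line):
            parsed = decode_key_name(cand)
            if parsed is None:
                continue
            key_name, tag, account_id = parsed
            findings.append({
                "line": line_no,
                "token": mask(cand),      # masked: safe to put in an alert
                "key_name": key_name,     # decoded from the token itself
                "tag": tag,
                "account_id": account_id,  # the attribution handle
            })
    return findings


# Constructed sample: a CI log that leaks a fake Bedrock key next to an ordinary
# AWS secret access key (the AWS documentation example value) and an unrelated
# Base64 digest, neither of which must be reported.
FAKE_KEY = make_fake_key("mkut", "123456789012", "sY3k9mQp2vLx8nRt4wZc7bHd1fJg5hKa0eNu6iMo")
FAKE_DIGEST = base64.b64encode(b"fake-artifact-digest-for-the-example-log").decode()
SAMPLE_LOG = (
    f"2025-07-09T10:01:12Z [build] export AWS_BEARER_TOKEN_BEDROCK={FAKE_KEY}\n"
    "2025-07-09T10:01:13Z [build] AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
    f"2025-07-09T10:01:14Z [build] artifact digest={FAKE_DIGEST}\n"
)

if __name__ == "__main__":
    for f in scan_for_bedrock_keys(SAMPLE_LOG):
        print(f"line {f['line']}: {f['token']} -> {f['key_name']} (account {f['account_id']})")
```

The account ID recovered this way is the pivot for the rest of the response: it tells you which account, and therefore which team, to page and where to revoke the key. The same decoding is available to whoever else finds the token, so a leaked key also hands an attacker the account it belongs to.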

How Entro Secures Your Bedrock Keys

At Entro, we have already updated our detection stack to cover these new Bedrock API keys. Our platform automatically discovers Bedrock API keys wherever they might be hiding: in code repositories, CI/CD pipelines, logs, and collaboration platforms such as Slack and Jira. Once a key is detected, Entro decodes it and attributes ownership to a specific individual or team, enabling immediate remediation and clear accountability.

Entro also proactively alerts you when a key has no expiration date or is approaching its expiration, enforcing timely rotation and significantly reducing your exposure.

Don’t Just Generate, Govern: Secrets Hygiene for the GenAI Era

To keep your GenAI development secure, follow these best practices:

  • Prefer short-term keys in production; they expire within 12 hours on their own and limit the window a leak is useful.
  • Always set an explicit expiration date on long-term keys and rotate them regularly.
  • Continuously audit keys and revoke those that are no longer in use, including any that turn up in a repository, log or ticket.
  • Use a dedicated NHI management and detection platform, such as Entro, to maintain visibility and oversight of these keys across your entire tech stack.

As the pace of innovation accelerates, our security practices must adapt accordingly. Entro ensures your organization can innovate securely, keeping the focus on growth, not risk.
