Even having long lived access keys and secret keys anywhere is insecure.
There really isn’t a need for them. If you are running the application on any AWS compute - EC2, Lambda, ECS, EKS, etc, there is an IAM role attached to the VM that gives code permission to run.
On the client facing side, it should be connected to your Orgs SSO solution so when a person leaves the company, you deactivate the user in one place.
Besides, I can’t think of any organization of even 2 people that isn’t already using Office365/OneDrive or Google/GSuite with plenty of shared storage. The cost per seat for either is $6 - $25 per user.
