From daebd8bfdc4967f0fb54b9ed776171d095b4d9aa Mon Sep 17 00:00:00 2001
From: Mike DiDomizio
Date: Sat, 2 Mar 2024 10:03:41 -0500
Subject: [PATCH 1/2] Add detection of other AWS access key id prefixes
---
 detect_secrets/plugins/aws.py | 2 +-
 tests/plugins/aws_key_test.py | 16 ++++++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/detect_secrets/plugins/aws.py b/detect_secrets/plugins/aws.py
index ee822b6f7..3676bda80 100644
--- a/detect_secrets/plugins/aws.py
+++ b/detect_secrets/plugins/aws.py
@@ -25,7 +25,7 @@ class AWSKeyDetector(RegexBasedDetector):
 secret_keyword = r'(?:key|pwd|pw|password|pass|token)'
 denylist = (
- re.compile(r'AKIA[0-9A-Z]{16}'),
+ re.compile(r'(?:A3T[A-Z0-9]|ABIA|ACCA|AKIA|ASIA)[0-9A-Z]{16}'),
 # This examines the variable name to identify AWS secret tokens.
 # The order is important since we want to prefer finding `AKIA`-based
diff --git a/tests/plugins/aws_key_test.py b/tests/plugins/aws_key_test.py
index 6174a857c..9139c9dd6 100644
--- a/tests/plugins/aws_key_test.py
+++ b/tests/plugins/aws_key_test.py
@@ -32,6 +32,22 @@ def setup(self):
 'AKIAZZZ',
 False,
 ),
+ (
+ 'A3T0ZZZZZZZZZZZZZZZZ',
+ True,
+ ),
+ (
+ 'ABIAZZZZZZZZZZZZZZZZ',
+ True,
+ ),
+ (
+ 'ACCAZZZZZZZZZZZZZZZZ',
+ True,
+ ),
+ (
+ 'ASIAZZZZZZZZZZZZZZZZ',
+ True,
+ ),
 (
 'aws_access_key = "{}"'.format(EXAMPLE_SECRET),
 True,
From 2ff569a5f5270c5d60ddc5a8bc25086f8a4c1613 Mon Sep 17 00:00:00 2001
From: Mike DiDomizio
Date: Sat, 2 Mar 2024 10:21:46 -0500
Subject: [PATCH 2/2] Update comment to be access keys and not specifically AKIA
---
 detect_secrets/plugins/aws.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/detect_secrets/plugins/aws.py b/detect_secrets/plugins/aws.py
index 3676bda80..94af367de 100644
--- a/detect_secrets/plugins/aws.py
+++ b/detect_secrets/plugins/aws.py
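Review bot: The widened `denylist` pattern now also matches `ASIA`-prefixed ids, which are temporary (STS) credentials rather than long-lived IAM keys, yet the comment directly below still says matched keys "can be verified" (the second patch rewords it but keeps that claim); if the plugin's verify path, which lies outside this hunk, signs a request with only the key id and secret, temporary credentials would presumably fail that check for lack of a session token, so the distinction deserves a note. A one-line comment above the new `re.compile` would also record why exactly these prefixes were chosen and that other AWS unique-id prefixes (users, roles, groups) are deliberately left out because they are identifiers, not access keys, e.g. `# AWS access key id prefixes only (ASIA ids are temporary STS credentials); other unique-id prefixes are not access keys.` The `denylist` tuple continues past the end of the hunk.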
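Review bot: The four new cases in the test hunk only pin positives, so a later loosening of the alternation (say to a generic `A[A-Z]{3}` prefix) would still pass this suite while the detector started flagging non-secret identifiers. Add one negative case for an AWS unique-id prefix that is not an access key, `('AROAZZZZZZZZZZZZZZZZ', False)`, and a too-short variant of one new prefix in the style of the existing `'AKIAZZZ'` case so the `{16}` length requirement is covered for the new prefixes too. The parametrize list these tuples belong to starts and ends outside the hunk.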
@@ -28,7 +28,7 @@ class AWSKeyDetector(RegexBasedDetector):
 re.compile(r'(?:A3T[A-Z0-9]|ABIA|ACCA|AKIA|ASIA)[0-9A-Z]{16}'),
 # This examines the variable name to identify AWS secret tokens.
- # The order is important since we want to prefer finding `AKIA`-based
+ # The order is important since we want to prefer finding access
 # keys (since they can be verified), rather than the secret tokens.
 re.compile(