Closed
Description
The code currently only supports one Keychain item named "AWS," which violates minimum security profile policies by giving the same identity push rights to multiple S3/CloudFront deployment resources.
To allow custom AWS keys, an optional keychainItem property will be added to the contents.json file, defaulting to "AWS" if not specified.
The keychain command will gain a new --keychain-item option to write the Keychain data to the specified name.
From a security perspective, knowledge of the keychain item name does not reveal additional information.
print keychain --keychain-item PREVIEWDEPLOY __Access key ID__