How do you manage AWS S3 API keys for different products?

Do you use the same set of API keys across different products? (seems insecure)

Or do you use the IAM Management Console to create separate users for each app? How do you configure your groups/roles/users/policies?

Maker of WIP amongst other things.
code wins arguments

did you take a look for hashicorp vault?…

Maker of WIP amongst other things.

No, but from first glance it looks like overkill. I'm trying to simplify my keys rather than further complicate :D