How do you manage AWS S3 API keys for different products?

Do you use the same set of API keys across different products? (seems insecure)

Or do you use the IAM Management Console to create separate users for each app? How do you configure your groups/roles/users/policies?

did you take a look for hashicorp vault?…

No, but from first glance it looks like overkill. I'm trying to simplify my keys rather than further complicate :D