Amazon Web Services (AWS) - Create IAM Access Keys using the AWS CLI


This assumes you have already configured the aws command line tool. If not, check out my article on Getting Started with the AWS CLI.

  • An IAM (Identity and Access Management) Role contains one or more IAM Policies. Often, a Role will have two Policies.
  • An IAM Policy is a JSON document that lists the principals (users / groups / service accounts) that are allowed or denied to do something (such as listing) on certain resources (such as S3 Buckets).

The aws iam list-users command can be used to list the IAM users that have been created.

~]$ aws iam list-users
{
    "Users": [
        {
            "Path": "/",
            "UserName": "john.doe",
            "UserId": "AIDAABCDL76GLUA6B21234",
            "Arn": "arn:aws:iam::123456789012:user/john.doe",
            "CreateDate": "2022-09-13T11:13:03+00:00"
        }
    ]
}

 

The aws iam list-access-keys command can be used to list the access key ID associated with a user.

~]$ aws iam list-access-keys --user-name john.doe
{
    "AccessKeyMetadata": [
        {
            "UserName": "john.doe",
            "AccessKeyId": "AKIA2MABCD6GDQ1234RY",
            "Status": "Active",
            "CreateDate": "2022-09-13T11:13:04+00:00"
        }
    ]
}

 

An access key has two parts: the key ID and the key value. After the key has been created, you can only get the key ID. If you lose the key value, also known as the Secret Key, you'll probably just need to delete the access key.

~]$ aws iam delete-access-key --access-key-id AKIA2MABCD6GDQ1234RY --user-name john.doe

 

The aws iam delete-access-key command is a bit strange in that no output is returned, so you may want to reissue the list-access-keys command just to ensure the access key was deleted.

~]$ aws iam list-access-keys --user-name john.doe
{
    "AccessKeyMetadata": []
}

 

Then use the aws iam create-access-key command to create a new access key. Notice that the output will include both the access key ID and value. Make note of the value, since this is the only time it is displayed!

~]$ aws iam create-access-key --user-name john.doe
{
    "AccessKey": {
        "UserName": "john.doe",
        "AccessKeyId": "AKIAABDCL76GBNCJ1235",
        "Status": "Active",
        "SecretAccessKey": "Fd0vB55rDXABCDB3wVUnkE1234vx+dgI1234HQqC",
        "CreateDate": "2023-03-22T01:55:29+00:00"
    }
}
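
The same delete, verify, create sequence as a script. This is an added example, not part of the original article: it writes the secret to a file with owner-only permissions instead of printing it to the terminal. The output file argument and the use of the user name as the profile name are assumptions.

```sh
#!/bin/sh
# Added example: replace an IAM access key whose secret was lost, in the
# article's order: delete, confirm with list-access-keys, create.
# OUT_FILE and the profile name (the user name) are assumptions of this sketch.

# key_exists USER KEY_ID: succeeds if KEY_ID is still listed for USER.
key_exists() {
    aws iam list-access-keys --user-name "$1" \
        --query 'AccessKeyMetadata[].AccessKeyId' --output text |
        tr '\t' '\n' | grep -qxF "$2"
}

# replace_access_key USER OLD_KEY_ID OUT_FILE
# Prints only the new key ID; the secret goes to OUT_FILE (mode 600).
replace_access_key() {
    user=$1; old=$2; out=$3
    if [ -e "$out" ]; then
        echo "refusing to overwrite $out" >&2; return 1
    fi
    aws iam delete-access-key --user-name "$user" --access-key-id "$old" || return 1
    # delete-access-key prints nothing, so confirm the key is really gone.
    if key_exists "$user" "$old"; then
        echo "key $old is still listed for $user" >&2; return 1
    fi
    # The secret is returned only here; capture it instead of echoing it.
    pair=$(aws iam create-access-key --user-name "$user" \
        --query 'AccessKey.[AccessKeyId,SecretAccessKey]' --output text) || return 1
    new_id=$(printf '%s\n' "$pair" | cut -f1)
    secret=$(printf '%s\n' "$pair" | cut -f2)
    if [ -z "$new_id" ] || [ -z "$secret" ] || [ "$new_id" = "$secret" ]; then
        echo "unexpected create-access-key output" >&2; return 1
    fi
    # Shared-credentials-file layout, created readable by the owner only.
    ( umask 077
      printf '[%s]\naws_access_key_id = %s\naws_secret_access_key = %s\n' \
          "$user" "$new_id" "$secret" > "$out" ) || return 1
    echo "$new_id"
}

# Run only when called with all three arguments.
if [ "$#" -eq 3 ]; then
    replace_access_key "$@"
fi
```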

 



