Amazon Web Services (AWS) - Create IAM Access Keys using the AWS CLI


This assumes you have already configured the aws command line tool. If not, check out my article on Getting Started with the AWS CLI.

The aws iam list-users command can be used to list the IAM users that have been created.

~]$ aws iam list-users
{
    "Users": [
        {
            "Path": "/",
            "UserName": "john.doe",
            "UserId": "AIDAABCDL76GLUA6B21234",
            "Arn": "arn:aws:iam::123456789012:user/john.doe",
            "CreateDate": "2022-09-13T11:13:03+00:00"
        }
    ]
}

 

The aws iam list-access-keys command can be used to list the access key ID associated with a user.

~]$ aws iam list-access-keys --user-name john.doe
{
    "AccessKeyMetadata": [
        {
            "UserName": "john.doe",
            "AccessKeyId": "AKIA2MABCD6GDQ1234RY",
            "Status": "Active",
            "CreateDate": "2022-09-13T11:13:04+00:00"
        }
    ]
}

 

An access key has two parts: the key ID and the key value, also known as the Secret Key. After the key has been created, you can only get the key ID. If you lose the key value, you'll probably just need to delete the access key and create a new one.

~]$ aws iam delete-access-key --access-key-id AKIA2MABCD6GDQ1234RY --user-name john.doe

 

The aws iam delete-access-key command is a bit strange in that no output will be returned, so you may want to reissue the list-access-keys command just to ensure the access key was deleted.

~]$ aws iam list-access-keys --user-name john.doe
{
    "AccessKeyMetadata": []
}

 

And then use the aws iam create-access-key command to create a new access key. Notice that the output will include both the access key ID and the value (SecretAccessKey). Make note of the value, because this is the only time it is displayed!

~]$ aws iam create-access-key --user-name john.doe
{
    "AccessKey": {
        "UserName": "john.doe",
        "AccessKeyId": "AKIAABDCL76GBNCJ1235",
        "Status": "Active",
        "SecretAccessKey": "Fd0vB55rDXABCDB3wVUnkE1234vx+dgI1234HQqC",
        "CreateDate": "2023-03-22T01:55:29+00:00"
    }
}

 

And then use the aws configure set aws_access_key_id and aws configure set aws_secret_access_key commands to update your hidden .aws/credentials file with the Access Key ID and Secret Key returned by the create-access-key command.

~]$ aws configure set aws_access_key_id AKIAABDCL76GBNCJ1235 --profile john.doe
~]$ aws configure set aws_secret_access_key Fd0vB55rDXABCDB3wVUnkE1234vx+dgI1234HQqC --profile john.doe

 

Now your hidden .aws/credentials file should contain something like this.

~]$ cat ~/.aws/credentials 
[john.doe]
aws_secret_access_key = Fd0vB55rDXABCDB3wVUnkE1234vx+dgI1234HQqC
aws_access_key_id = AKIAABDCL76GBNCJ1235
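
The steps above delete the old key before its replacement exists, so the user has no working key in between. This added example (not part of the original article) goes a step beyond them and rotates instead: create the new key, store it, verify it, and only then deactivate the old one. The function name rotate_access_key and its argument order are assumptions.

```shell
# Usage: rotate_access_key <iam-user> <cli-profile>   (function name is an assumption)
# Prints the new access key ID on success; the secret is never printed.
rotate_access_key() (
    user=$1 profile=$2 tab=$(printf '\t')

    # Access key IDs that exist before rotation (empty when the user has none).
    old_ids=$(aws iam list-access-keys --user-name "$user" \
        --query 'AccessKeyMetadata[].AccessKeyId' --output text) || exit 1

    # IAM allows two access keys per user; stop instead of deleting one blindly.
    set -- $old_ids
    if [ "$#" -ge 2 ]; then
        echo "$user already has $# access keys; remove an unused one first" >&2
        exit 2
    fi

    # Create the new key first. --query/--output text yields "ID<TAB>SECRET",
    # captured in a variable so the secret is not shown or typed by hand.
    out=$(aws iam create-access-key --user-name "$user" \
        --query 'AccessKey.[AccessKeyId,SecretAccessKey]' --output text) || exit 1
    case $out in *"$tab"*) ;; *) echo "unexpected create-access-key output" >&2; exit 1 ;; esac
    new_id=${out%%"$tab"*}
    new_secret=${out#*"$tab"}

    # Write the new key into the profile in ~/.aws/credentials.
    aws configure set aws_access_key_id "$new_id" --profile "$profile" || exit 1
    aws configure set aws_secret_access_key "$new_secret" --profile "$profile" || exit 1

    # Confirm the new key authenticates before touching the old one.
    # IAM changes are eventually consistent, so retry a few times.
    tries=0
    until aws sts get-caller-identity --profile "$profile" >/dev/null 2>&1; do
        tries=$((tries + 1))
        if [ "$tries" -ge 5 ]; then
            echo "new key did not authenticate; old key left active" >&2
            exit 3
        fi
        sleep 3
    done

    # Deactivate rather than delete: reversible if something still uses the old key.
    for id in $old_ids; do
        aws iam update-access-key --user-name "$user" \
            --access-key-id "$id" --status Inactive || exit 1
    done
    echo "$new_id"
)
```

Once nothing is failing with the old key inactive, remove it with the aws iam delete-access-key command shown earlier.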


