If you want to be able to control your AWS resources on your local computer you will either use AWS CLI or AWS SDK. To use those tools, you will need to have an Access Key ID and a Secret Access Key.
In this post, we will show you how you can generate your own Access Keys so you can programmatically access your AWS resources.
For the instructions later the target username that I want to create Access Keys is rabano. Yours will be different.
Follow the instructions below to generate the Access Key ID and Secret Access Key of your IAM user in AWS.
Step-by-Step Instruction on how to create Access Keys in AWS
#1
Inside the AWS Console, go to Identity and Access Management (IAM) – https://console.aws.amazon.com/iam/home.
#2
On the left sidebar, click on Users.
#3
Search for your target username, then click the user name from the list.
#4
In the IAM user’s summary, click on the Security credentials tab.
Then click Create access key. This will then generate your Access Key ID and Secret Access Key.
#5
The Access key ID is immediately shown. If you want to see the Secret access key click on Show.
Note: This is the only time that you will see the secret access key, so be sure to note this somewhere.
You may also click Download .csv file. This will download a csv file containing your Access key ID and Secret access key.
Below are the contents of the .csv file that I got.
Now that you have the Access key ID and the Secret access key, you may now use it to access AWS programmatically using AWS CLI or AWS SDK in your laptop.
Minimum IAM Permission Required to generate Access Keys
Below is the least privileged IAM policy if you want to generate, deactivate and delete the access keys of only your IAM user.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "ListUsers",
"Effect": "Allow",
"Action": "iam:ListUsers",
"Resource": "*"
},
{
"Sid": "ViewUserDetails",
"Effect": "Allow",
"Action": "iam:GetUser",
"Resource": "arn:aws:iam::*:user/${aws:username}"
},
{
"Sid": "AccessKeyActions",
"Effect": "Allow",
"Action": [
"iam:CreateAccessKey",
"iam:ListAccessKeys",
"iam:UpdateAccessKey",
"iam:DeleteAccessKey"
],
"Resource": "arn:aws:iam::*:user/${aws:username}"
}
]
}
Below is the IAM policy if you want to do the same actions as above, but for all IAM users.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "ViewUserDetails",
"Effect": "Allow",
"Action": [
"iam:ListUsers",
"iam:GetUser"
],
"Resource": "*"
},
{
"Sid": "AccessKeyActions",
"Effect": "Allow",
"Action": [
"iam:CreateAccessKey",
"iam:ListAccessKeys",
"iam:UpdateAccessKey",
"iam:DeleteAccessKey"
],
"Resource": "*"
}
]
}
We hope that this helps you generate your AWS Access Keys. Let us know what you experienced in the comments below.