Menu
Root Access Keys provide unlimited access to your AWS resources. It's not recommended to use them in normal situations. AWS recommends to delete existing Root Access Keys and create IAM user and Access Keys limited to specific service or resource (see below).
Aug 26, 2013 Expand the Access Keys section, and then click Create New Root Key. To create a new secret access key for an IAM user, open the IAM console. Click Users in the Details pane, click the appropriate IAM user, and then click Create Access Key on the Security Credentials tab. Note: If you already have the maximum of two access keys.
- To ensure the security of your AWS account, the secret access key is accessible only during key and user creation. You must save the key (for example, in a text file) if you want to be able to access it again. If a secret key is lost, you can delete the access keys for the associated user and then create new keys.
- Creating CMKs (Console) Sign in to the AWS Management Console and open the AWS Key Management Service (AWS KMS). To change the AWS Region, use the Region selector in the upper-right corner of the page. In the navigation pane, choose Customer managed keys. Choose Create key. Type an alias.
- An access key grants programmatic access to your resources. This means that the access key should be guarded as carefully as the AWS account root user sign-in credentials. It's a best practice to do the following: Create an IAM user and then define that user's permissions as narrowly as possible. Create the access key under that IAM user.
- If you create your own key pair using the command line, follow the recommendations at create-key-pair or New-EC2KeyPair Cmdlet for key type and bit length. If you create your own key pair using a third-party tool, be sure that your key matches the guidelines at Importing Your Own Public Key to Amazon EC2. Add a new user to the EC2 Linux.
- Allow AWS users to create their own first access key. Ask Question. Except that it seems AWS CLI requires an access key to login (which my users don't have yet, I want them to create their access key themselves). As a work around, I create the access key for them, and then ask them to change it, but it's quite cumbersome.
To Delete Root Access Keys
1. Type https://aws.amazon.com/ in your web browser
2. Click My Account, AWS Management Console
3. Enter your account email address and password:
Enter Account Email
4. Type the IAM in the search box and choose the IAM service from the drop-down list.
Open the IAM Dashboard
You will be redirected to IAM Dashboard
5. Navigate to Security Status and expand the Delete your root access keys section.
6. Click Manage Security Credentials
Click Continue To Security Credentials
7. Click Continue to Security Credentials
Your Security Credentials page will open
8. Expand the Access Keys (access key id and secret acces key) section
9. Click the Delete link next to your access keys row.
Confirm Access Keys Deletion
10. Confirm Access Keys deletion.
11. Your Root Access Keys are deleted. Now you can create IAM user and Access Keys limited to specific service or resource (see below).
Be sure to replace your root access keys with your IAM access keys in any programs/scripts you are currently using.
You use access keys with API calls to allow the call to proceed. Without an access key, AWS rejects any requests made. Access keys come in two parts: public and secret. To safeguard your setup, the private key must remain private. During the creation process, you download both keys. Make sure you keep them in a safe place.
- Go to Amazon’s Console.
You see the Identity and Access Management (IAM) Console. - Click Groups in the Navigation pane.You see an option for creating a new group.
- Click Create New Group.AWS asks you to provide a group name.
- Type a group name and click Next Step.
AWS asks you to attach a policy to the group. Normally you choose a policy that provides just the level of access required by that group. However, when working in a production environment, remember to use policies carefully. - Select AdministratorAccess and click Next Step.You see a Review page where you can review the group’s settings.
- Click Create Group.
The group is now ready for use. You see it in the Groups tab of the IAM Console. However, you still need to create a user account to obtain the required access keys. - Select Users in the Navigation pane.
You see the Users tab of the IAM Console. - Click Add User.AWS asks you to provide a username. Note that this page also provides the means for configuring the kind of user access.
- Type a username.AWS lets you add more than one user at a time, as long as both users have the same requirements.
- Select both Access Type entries.Your choice here will depend on your needs.
- Configure the password settings for the user you want to create.The default is to autogenerate a password and then require the user to change it during the next login. Because you want to create an account for yourself, you can save time by creating a custom password and deselecting the option that requires the user to change the password during the next login.
- Click Next: Permissions.AWS asks you to set permission for the user.
- Choose Add User to Group and then select the Developers entry in the list of groups shown.
- Click Next: Review.
AWS shows you the configuration for your user. - Click Create User.
AWS generates the user and the user’s access key. - Click Download .CSV.
Your browser downloads a .CSV file containing the public and secret keys for your user account. Keep these keys in a safe location.
Get Aws Access Key
You can create new access keys as needed by accessing the user’s entry on the Users tab of the IAM Console and choosing the Security Credentials tab of the individual user’s account. The Security Credentials tab contains a Create Access Key in the Access Keys area. Every time you create a new access key, you have the option of downloading a .CSV file containing the public and secret keys. To remove an existing key, click the X next to that key’s entry on the Security Credentials tab.