Creating Access Keys For User
A guide to creating an AWS access key and secret key for an IAM user to enable programmatic access to AWS services.
Overview
Access keys, consisting of an access key ID and a secret access key, are crucial for programmatic access to AWS. They are used by applications, the AWS Command Line Interface (CLI), and SDKs to authenticate with AWS services. This guide shows you how to securely create and manage access keys for an IAM user.
Prerequisites
- An active AWS account
- An existing IAM user (not the root account)
- Access to the IAM Management Console
Step 1: Access the IAM User
Navigate to the user you wish to create access keys for.
- Sign in to the AWS Management Console
- In the search bar, type "IAM" and select it from the dropdown
- In the left-hand navigation pane, click on "Users"
- Click on the user name from the list
Step 2: Create Access Keys
From the user's details page, you can generate new credentials.
- Click on the "Security credentials" tab
- Under "Access keys", click "Create access key"
- Use Case: Select the use case for the access key (e.g., "Local code", "Third-party service"). This is for documentation purposes only.
- Click "Create access key". AWS will generate an access key ID and a secret access key.
Important: This is the only time you can view or download the secret access key. Copy the access key ID and secret access key, or download the .csv file, immediately and store them securely. If you lose the secret key, you cannot recover it; you must create a new one.
Security Best Practices
- Do Not Share: Never share your secret access keys with anyone.
- Environment Variables: Store keys in environment variables, not in your code.
- Short-lived Credentials: Use IAM roles and temporary credentials when possible.
- Rotate Keys: Regularly rotate your access keys to minimize risk.
- Deactivate/Delete Keys: Deactivate or delete keys that are no longer in use.
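To act on the rotation and deactivate/delete practices above, the following added example (not part of the original guide) audits a user's access keys by age and last use through the IAM `list_access_keys` and `get_access_key_last_used` calls. The 90-day and 45-day thresholds, the `SampleIAM` stand-in and its key IDs are assumptions made for illustration.

```python
import sys
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=90)   # assumed rotation policy, not an AWS default
MAX_IDLE = timedelta(days=45)  # assumed idle limit, not an AWS default


def audit_access_keys(iam, user_name, now=None):
    """Return one finding per access key; iam is a boto3 IAM client or look-alike."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for key in iam.list_access_keys(UserName=user_name)["AccessKeyMetadata"]:
        key_id = key["AccessKeyId"]
        used = iam.get_access_key_last_used(AccessKeyId=key_id)["AccessKeyLastUsed"]
        age = now - key["CreateDate"]
        idle = now - used.get("LastUsedDate", key["CreateDate"])  # absent if never used
        if key["Status"] == "Inactive":
            action = "delete"       # already deactivated, candidate for removal
        elif idle > MAX_IDLE:
            action = "deactivate"   # active but no longer in use
        elif age > MAX_AGE:
            action = "rotate"       # in use, but older than the policy allows
        else:
            action = "ok"
        findings.append({"key_id": key_id, "age_days": age.days,
                         "idle_days": idle.days, "action": action})
    return findings


class SampleIAM:  # constructed stand-in for the IAM client, so the audit runs offline
    def __init__(self, now):
        ago = lambda days: now - timedelta(days=days)
        self.keys = {  # constructed key id -> (status, created, AccessKeyLastUsed fields)
            "AKIAEXAMPLEOLD": ("Active", ago(200), {"LastUsedDate": ago(1)}),
            "AKIAEXAMPLEIDLE": ("Active", ago(60), {}),
        }
    def list_access_keys(self, UserName):
        return {"AccessKeyMetadata": [{"AccessKeyId": k, "Status": s, "CreateDate": c}
                                      for k, (s, c, _) in self.keys.items()]}
    def get_access_key_last_used(self, AccessKeyId):
        return {"AccessKeyLastUsed": self.keys[AccessKeyId][2]}


if __name__ == "__main__":
    if len(sys.argv) > 1:   # real account: pass the IAM user name as the argument
        import boto3        # needs iam:ListAccessKeys and iam:GetAccessKeyLastUsed
        print(audit_access_keys(boto3.client("iam"), sys.argv[1]))
    else:
        print(audit_access_keys(SampleIAM(datetime.now(timezone.utc)), "sample-user"))
```

Run without arguments it reports on the constructed sample keys; with a user name it queries the account behind the credentials boto3 finds.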
Next Steps
You have successfully created access keys for your IAM user.
- Configure the AWS CLI or an SDK using your new keys
- Start making programmatic calls to AWS services
- Remember to only grant the IAM user the permissions they need