Last updated: Sep 27, 2021
The Access key ID and Secret Access key values are the security credentials AWS uses to verify your identity and grant or deny you access to specific resources.
In an AWS account, you have:
- Root AWS account
- IAM AWS accounts
Access Key Id and Secret access key for your root account: be aware that these keys grant permissions to perform any action on all resources in your account.
In order to get an Access Key ID and Secret Access Key for your Root AWS account:
- My Security Credentials
- AWS IAM credentials tab, scroll down to the Access keys section and click on the Create access key button
- Access Key ID and Secret Access Key, you will not be able to retrieve the Secret access key value again.
Using credentials associated with an IAM account is the recommended way to access AWS resources because you can control the permissions of an IAM user, whereas the root account permits any action on all resources in the account.
In order to get an Access Key ID and Secret Access Key for an IAM AWS account:
- Users
- Security Credentials tab, scroll down to the Access keys section and click on Create access key
- Download the file with the Access key id and Secret access key. Note that the Secret Access Key can only be retrieved at the moment of creation.
If you don't have an IAM user you have to create one. Click on the Add users button.
On the user creation page:
- Access key - Programmatic access checkbox - it enables the creation of Access Key ID and Secret Access Key for the user
- Password - AWS Management Console access and set a password for the user
- Next: Permissions button. This is the step when you have to decide what your IAM user is allowed to do. Often IAM users are used as a replacement for the Root AWS account and need administrative permissions.
- AdministratorAccess policy to the user, which grants fewer permissions than the root account, but still enables you to work with all services.
- AdministratorAccess policy, click on Attach existing policies directly and filter for AdministratorAccess in the search field.
- Click on Next: Tags, then click on Next: Review and finally click on Create user
The user's Access Key ID and Secret access key will be shown on the screen. Make sure to download the file with the credentials because the Secret access key is only shown this one time.
If your credentials get exposed, for instance because you uploaded them to a remote repository with public access, you have to immediately deactivate and delete them.
If another person has access to your AWS Access Key ID and Secret Access Key, they can provision resources in your account and run up a massive bill, e.g. for bitcoin mining.
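One way to catch the exposure described above before a push, as an added example that is not part of the original article: it scans text or a directory tree for strings shaped like an Access Key ID or Secret Access Key and reports them redacted. The patterns follow the commonly documented key format and are an assumption of this example, the function names are hypothetical, and the sample is the placeholder key pair used in AWS documentation.

```python
import re
from pathlib import Path

# Assumed format: long-term access key IDs start with AKIA, temporary (STS)
# ones with ASIA, followed by 16 upper-case letters or digits.
ACCESS_KEY_ID = re.compile(r"(?<![A-Z0-9])(AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# Secret access keys are 40 base64-alphabet characters; alone that matches too
# much, so it is only reported on lines that mention "secret".
SECRET_KEY = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+=])")
SECRET_HINT = re.compile(r"secret", re.IGNORECASE)

def redact(value):
    """Keep only the first and last four characters so reports are safe to share."""
    return value[:4] + "..." + value[-4:]

def scan_text(text, source="<text>"):
    """Return (source, line_no, kind, redacted_value) for each suspected credential."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in ACCESS_KEY_ID.finditer(line):
            findings.append((source, line_no, "access_key_id", redact(match.group(0))))
        if SECRET_HINT.search(line):
            for match in SECRET_KEY.finditer(line):
                findings.append((source, line_no, "secret_access_key", redact(match.group(0))))
    return findings

def scan_tree(root):
    """Scan every regular file under root, skipping .git and unreadable files."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if ".git" in path.parts or not path.is_file():
            continue
        try:
            text = path.read_text(encoding="utf-8", errors="ignore")
        except OSError:
            continue
        findings.extend(scan_text(text, str(path)))
    return findings

# Constructed sample: the placeholder key pair from AWS documentation, not live credentials.
SAMPLE = """[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
region = eu-west-1
"""

if __name__ == "__main__":
    for finding in scan_text(SAMPLE, "sample-credentials"):
        print(*finding)
```

A finding in a file that has already been pushed means the key must be treated as exposed and deactivated and deleted as described next; removing the file from the repository is not enough.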
To deactivate and delete your AWS Security Credentials:
- Security Credentials and scroll down to the Access keys section
- Make inactive to deactivate your credentials and then delete them