Mon Sep 27 2021
The Access key ID and Secret Access key values are the security credentials AWS uses to verify your identity and grant or deny you access to specific resources.
In an AWS account you have:
- Root AWS account
- IAM AWS accounts
Access Key Id and Secret access key for your root account be aware that these keys grant permissions to perform any action on all resources in your account.
In order to get an Access Key ID and Secret Access Key for your Root AWS account:
- My Security Credentials
- AWS IAM credentials tab scroll down to the Access keys section and click on the Create access key button
- Access Key ID and Secret Access Key, you will not be able to retrieve the Secret access key value again.
In order to get an Access Key ID and Secret Access Key for an IAM AWS account:
- Security Credentials tab, scroll down to the Access keys section and click on Create access key
Download the file with the Access key id and Secret access key. Note that the Secret Access Key can only be retrieved at the moment of creation.
If you don't have an IAM user you have to create one. Click on the Add users button.
On the user creation page:
- Access key - Programmatic access checkbox - it enables creation of Access Key ID and Secret Access Key for the user
- Password - AWS Management Console access and set a password for the user
- Next: Permissions button. This is the step when you have to decide what your IAM user is allowed to do. Often IAM users are used as a replacement for the Root AWS account and need administrative permissions.
- AdministratorAccess policy to the user, which grants fewer permissions than the root account, but still enables you to work with all services.
- AdministratorAccess policy, click on Attach existing policies directly and filter for AdministratorAccess in the search field.
- Next: Tags, then click on Next: Review and finally click on
The user's Access Key ID and Secret access key will be shown on the screen. Make sure to download the file with the credentials because the Secret access key is only shown this one time.
If your credentials get exposed, for instance if you upload them to a remote repository with public access, you have to immediately deactivate and delete them.
If another person has access to your AWS Access Key ID and Secret Access Key, they can provision resources in your account and get you a massive bill, e.g. for bitcoin mining.
To deactivate and delete your AWS Security Credentials:
- Security Credentials and scroll down to the
- Make inactive to deactivate your credentials and then delete them
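The same deactivate-then-delete sequence can be run from the command line for an exposed IAM user key. This is an added example, not part of the original article: the function name `revoke_access_key` is hypothetical, and it assumes the AWS CLI is installed and configured with a separate, trusted identity that is allowed to manage IAM access keys.

```sh
#!/bin/sh
# Added example (not from the article): revoke one exposed IAM user access key.
# Assumes the AWS CLI is installed and configured with a separate, trusted
# identity that is allowed to manage IAM access keys.
# Usage after sourcing this file: revoke_access_key <iam-user-name> <access-key-id>

revoke_access_key() (
    user=$1
    key_id=$2

    if [ -z "$user" ] || [ -z "$key_id" ]; then
        echo "usage: revoke_access_key <iam-user-name> <access-key-id>" >&2
        exit 2
    fi

    # Long-term access key IDs start with AKIA and are alphanumeric.
    # Refuse anything else before calling the API.
    case $key_id in
        *[!A-Za-z0-9]*) echo "unexpected characters in access key ID" >&2; exit 2 ;;
        AKIA*) ;;
        *) echo "not a long-term access key ID" >&2; exit 2 ;;
    esac

    # 1. Deactivate first (the console's "Make inactive"): the key stops
    #    authenticating at once; stop here if the call fails.
    aws iam update-access-key --user-name "$user" \
        --access-key-id "$key_id" --status Inactive || exit 1

    # 2. Print when, in which region and for which service the key was last
    #    used. Do this before deletion, while IAM still knows the key.
    aws iam get-access-key-last-used --access-key-id "$key_id" || exit 1

    # 3. Delete the key so it can never be re-enabled.
    aws iam delete-access-key --user-name "$user" \
        --access-key-id "$key_id" || exit 1
)
```

The last-used output shows whether anyone exercised the key before it was revoked, which tells you whether to go on and review the account for resources you did not create.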