Can I create a AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY with an IAM user?

Question

When logged in as root, I visted the "My Security Credentials" tab in order to create the Access Key ID and Key. I see a big message that states:

As described in a previous announcement, you cannot retrieve the existing secret access keys for your AWS root account, though you can still create a new root access key at any time. As a best practice, we recommend creating an IAM user that has access keys rather than relying on root access keys.

Fine, so I create an IAM Group with Administrative Privilege and then I create an IAM User and add the IAM User to the Group. Then I log in as the IAM User. Then I visit 'My Security Credentials'. But this time there is no screen allowing me to create a new Access Key. Instead it just allows me to change my password. So how am I supposed to create the Access ID and Key as an IAM User?

Luke Waite Luke Waite · Accepted Answer · 2017-05-04T02:22:49

When logged in as an IAM user the "My Security Credentials" link in the user menu only allows you to change your password.

Instead follow these steps to generate new access keys for an IAM user:

Visit IAM in the AWS Console
Select Users, and then the desired user
In the "Security Credentials" tab of the IAM user, you will find a section allowing you to generate a new set of keys.

It is worth noting, that as this is an operation being performed against a given IAM user, you do not need to be logged in as that user to generate keys. Any authorized user such as the root user, or another properly authorized IAM user can perform these actions.

These steps are described in further detail in the following IAM documentation page: Creating, Modifying, and Viewing Access Keys (AWS Management Console)

Can I create a AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY with an IAM user?

2 Answers