AWS Access Keys

To make the required configuration changes through the AWS API, the AWS VPC Wizard needs access keys that allow it to retrieve and modify your VPC configurations.

See also

You can find more information about AWS security credentials, including access keys, by reading AWS Security Credentials.

Access keys consist of two parts:

  1. An access key ID

    • For example, AKIAIOSFODNN7EXAMPLE.

  2. A secret access key

    • For example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY.

Access keys are like a user name and password, and they are needed for programmatic requests to AWS, including requests from the AWS VPC Wizard. You must use both the access key ID and secret access key together to authenticate your requests. Manage your access keys as securely as your user name and password.

Managing Access Keys

To create, modify, or delete your own IAM user access keys, do the following:

  1. Sign in to the IAM console.

  2. In the navigation bar on the upper right, choose your user name, and then choose My Security Credentials.

  3. On the AWS IAM Credentials tab, in the Access keys for CLI, SDK, and API access section, choose Create access key.

  4. Choose Download .csv file to save the access key ID and secret access key to a .csv file on your computer. Store the file in a secure location. You will not have access to the secret access key again after this dialog box closes. After you have downloaded the .csv file, choose Close. When you create an access key, the key pair is active by default, and you can use the pair right away.

    • To disable an active access key, choose Make inactive.

    • To reenable an inactive access key, choose Make active.

    • To delete an access key, choose its X button at the far right of the row. Then choose Delete to confirm. When you delete an access key, it’s gone forever and cannot be retrieved. However, you can always create new keys.

To create, modify, or delete another IAM user’s access keys, do the following:

  1. Sign in to the IAM console.

  2. In the navigation pane, choose Users.

  3. Choose the name of the user whose access keys you want to manage, and then choose the Security credentials tab.

  4. In the Access keys section, choose Create access key.

  5. Choose Download .csv file to save the access key ID and secret access key to a CSV file on your computer.

Rotating Access Keys

As a security best practice, we recommend that you regularly rotate (change) IAM user access keys. You can rotate access keys from the AWS Management Console.

To rotate access keys for an IAM user without interrupting your applications (console), create a second access key while the first access key is still active:

  1. Sign in to the IAM console.

  2. In the navigation pane, choose Users.

  3. Choose the name of the user whose access keys you want to manage, and then choose the Security credentials tab.

  4. In the Access keys section, choose Create access key.

  5. Choose Download .csv file to save the access key ID and secret access key to a CSV file on your computer.

  6. The new access key is active by default. At this point, the user has two active access keys.

After you wait some period of time to ensure that all applications and tools have been updated, you can delete the first access key:

  1. Sign in to the IAM console.

  2. In the navigation pane, choose Users.

  3. Choose the name of the user whose access keys you want to manage, and then choose the Security credentials tab.

  4. Locate the access key to delete and choose its X button at the far right of the row. Then choose Delete to confirm.

Determining When Access Keys Need Rotating

To determine when access keys need rotating (console), do the following:

  1. Sign in to the IAM console.

  2. In the navigation pane, choose Users.

  3. If necessary, add the Access key age column to the users table by completing the following steps:

    1. Above the table on the far right, click the settings icon.

    2. In Manage columns, select Access key age.

    3. Choose Close to return to the list of users.

  4. The Access key age column shows the number of days since the oldest active access key was created. You can use this information to find users with access keys that need rotating. The column displays None for users with no access key.
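The same check can be run across all users at once from the IAM credential report CSV. The script below is an added example, not part of the original page or of AWS's own tooling. It uses the report's real column names, where access_key_N_last_rotated is the time the key was created or last changed. The sample rows, the fixed date, and the 90-day limit are constructed assumptions. It also flags the case from the rotation procedure above where a second key was created but the first was never deleted.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample rows in the IAM credential report layout, trimmed to the
# columns this check reads. "N/A" is what the report shows when a key slot is empty.
SAMPLE_REPORT = """\
user,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
alice,true,2023-01-10T00:00:00+00:00,true,2024-05-01T00:00:00+00:00
bob,false,2022-03-01T00:00:00+00:00,true,2024-02-01T00:00:00+00:00
carol,false,N/A,false,N/A
dave,true,2024-05-12T00:00:00+00:00,false,N/A
"""
SAMPLE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed "today" for the sample


def review_keys(report_csv, now, max_age_days=90):
    """Map each user to (age in days of oldest active key, verdict).

    max_age_days=90 is an assumed policy value, not one the page prescribes.
    """
    findings = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        # Ages of active keys only, oldest first; inactive/empty slots are skipped
        # before their date field is parsed, so "N/A" never reaches fromisoformat.
        ages = sorted(
            ((now - datetime.fromisoformat(row[f"access_key_{n}_last_rotated"])).days
             for n in (1, 2) if row[f"access_key_{n}_active"] == "true"),
            reverse=True,
        )
        if not ages:
            verdict = "no active key"
        elif ages[0] <= max_age_days:
            verdict = "ok"
        elif len(ages) == 2 and ages[1] <= max_age_days:
            # A newer key exists: rotation was started but the old key was kept.
            verdict = "finish rotation: delete old key"
        else:
            verdict = "rotate"
        findings[row["user"]] = (ages[0] if ages else None, verdict)
    return findings


if __name__ == "__main__":
    for user, (age, verdict) in review_keys(SAMPLE_REPORT, SAMPLE_NOW).items():
        print(f"{user:8} {age!s:>5}  {verdict}")
```

As in the console's Access key age column, the age reported is that of the oldest active key, and users with no active key get None.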