
How to create a user with programmatic access in AWS

A quick post with a step-by-step procedure to create a new IAM user in AWS with programmatic access. It also covers how to regenerate access keys.

IAM user creation!
  • Log in to the AWS IAM console.
  • On the left navigation panel, click on the Users link.
  • On the right-hand side Users page, click on the Add user button.
  • The Add user screen should come up –
[Screenshot: IAM Add user wizard]

Fill in details –

  • User name: the user ID
  • Access type:
    • Programmatic access: no access to the AWS console; access keys are used for authentication. Console access can be enabled later.
    • AWS management console access: access to the AWS console; a user ID and password are used for authentication. Programmatic access can be enabled later.
  • Click on the Next: Permissions button.
[Screenshot: Setting user permissions]
  • Set permissions
    • Add user to group
      • An efficient way to manage user permissions: make users members of a group and apply policies/permissions to the group!
    • Copy permissions from an existing user
      • Use this if you want the new user to have the same permissions as another existing user in the same account.
    • Attach existing policies directly
      • Attach a permission policy to the user, either an AWS managed policy from the list given or your own policy, written by clicking the Create policy button.

For this exercise, I will take the easy way and attach the AWS managed Administrator access policy directly to the user.

  • Set permission boundary
    • Define the maximum permissions this user can have. The user’s permissions cannot exceed the boundary defined here. Again, you can create your own policy or use an AWS managed policy here.

Click on the Next: Tags button.

User tags

Add user tags for identification purposes and click on the Next: Review button.

Review

Review all the configurations and click on the Create user button.

[Screenshot: IAM user created]

The user is now created and you should see the screen above.

From this screen, you can copy or download the keys required for AWS programmatic access.

Click on the Download .csv button to download the key pair, or click on the Show link under Secret access key and then copy/save both the Access key ID and Secret access key. Once you navigate away from this page, you will not be able to retrieve the secret access key from anywhere; you will then need to create a new pair for this user.

You have successfully created an IAM user with programmatic access to AWS. You have access keys with you!
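
The same wizard, driven from the AWS CLI instead of the console, as an added example (this is not code from the original post). It assumes AWS CLI v2 is on PATH and that the caller's credentials are allowed to manage IAM; the user name, tag value and output path are placeholders. Step 1 creates the user without a login profile (programmatic access only), step 2 attaches the AWS managed Administrator access policy directly and optionally sets a permissions boundary, step 3 tags the user, and the last step creates the key pair and writes it, in AWS credentials-file format, to a file only the current user can read, which stands in for the console's Download .csv:

```shell
#!/bin/sh
# Added example, not code from the original post: the AWS CLI equivalent of the
# console "Add user" wizard. Assumes AWS CLI v2 on PATH and credentials that
# may manage IAM. User name, tag value and output path are placeholders.
set -eu

# The post attaches the AWS managed Administrator access policy directly; this is its ARN.
ADMIN_POLICY_ARN='arn:aws:iam::aws:policy/AdministratorAccess'

# create_programmatic_user USER POLICY_ARN BOUNDARY_ARN OUT_FILE
#   Programmatic access only: no login profile (console password) is created.
#   Prints the new Access key ID; the secret goes only into OUT_FILE because,
#   as the post says, it cannot be retrieved again after this call.
create_programmatic_user() {
    user=$1
    policy_arn=$2
    boundary_arn=$3     # empty string = no permissions boundary
    out_file=$4         # stands in for the console's "Download .csv"

    # Wizard step 1: Add user.
    aws iam create-user --user-name "$user" >/dev/null
    # Wizard step 2: Permissions, "Attach existing policies directly" ...
    aws iam attach-user-policy --user-name "$user" --policy-arn "$policy_arn"
    # ... plus the optional permission boundary (maximum permissions the user can ever have).
    if [ -n "$boundary_arn" ]; then
        aws iam put-user-permissions-boundary --user-name "$user" \
            --permissions-boundary "$boundary_arn"
    fi
    # Wizard step 3: Tags, for identification (placeholder tag).
    aws iam tag-user --user-name "$user" --tags Key=CreatedBy,Value=onboarding-script

    # Final step: create the key pair; query only the two fields needed.
    key_line=$(aws iam create-access-key --user-name "$user" --output text \
        --query 'AccessKey.[AccessKeyId,SecretAccessKey]')
    read -r key_id secret <<EOF
$key_line
EOF

    # Save the pair in AWS credentials-file format, readable by this user only,
    # so the secret never lands in terminal scrollback or shell history.
    old_umask=$(umask)
    umask 077
    rm -f "$out_file"
    {
        printf '[%s]\n' "$user"
        printf 'aws_access_key_id = %s\n' "$key_id"
        printf 'aws_secret_access_key = %s\n' "$secret"
    } > "$out_file"
    umask "$old_umask"

    echo "$key_id"
}

# Stand-alone use with placeholder names:  ./create-iam-user.sh demo-user ./demo-user.creds
if [ "${1:-}" != "" ] && [ "${2:-}" != "" ]; then
    create_programmatic_user "$1" "$ADMIN_POLICY_ARN" "" "$2"
fi
```

Pass an ARN as the third argument to apply a permissions boundary; the script still attaches the policy directly, exactly as the post does, so a group-based setup would replace the attach-user-policy call with add-user-to-group.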

How to re-create IAM secret access keys?

As I mentioned above, if you lose the secret access key there is no way to retrieve it unless you saved it somewhere. In such an unfortunate case, you can re-create the keys using an AWS root account.

  • Log in to the AWS IAM console using the root account.
  • On the left navigation panel, click on the Users link.
  • On the right-hand side Users page, click on the user name whose keys need to be regenerated.
  • On the user’s summary page, click on the Security credentials tab.
[Screenshot: Access keys in IAM console]

It’s good practice to keep only one key pair active at a time, so click on the Make inactive link for the existing key (you can leave it active if you have a requirement to). Click the Deactivate button on the pop-up. You can even delete this key (if it does not have any dependency) by clicking the small x next to it.

Click on the Create access key button to generate a new key pair.

[Screenshot: Create new access keys]

A new key pair will be generated and you will have a chance to download, or copy and save, the secret access key again!
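
The same rotation from the AWS CLI, as an added example rather than code from the original post. It follows the order of the Security credentials tab above: make the existing key inactive, delete a key only when that is needed, then create the new pair. It assumes AWS CLI v2 on PATH and credentials allowed to manage the target user's keys; the user name at the bottom is a placeholder. Two details go beyond the post's clicks: IAM allows at most two access keys per user, so the function has to free a slot before it can create a replacement, and because deletion is irreversible while deactivation is not, it refuses to touch anything at the limit unless the caller explicitly allows a delete:

```shell
#!/bin/sh
# Added example, not code from the original post: the AWS CLI equivalent of the
# "Security credentials" tab steps (make inactive, delete if needed, create).
# Assumes AWS CLI v2 on PATH and credentials allowed to manage the target
# user's access keys; the user name used at the bottom is a placeholder.
set -eu

# IAM permits at most two access keys per user, so a rotation may have to free
# a slot before it can create the replacement.
MAX_KEYS_PER_USER=2

# One "AccessKeyId<TAB>Status<TAB>CreateDate" line per key, oldest first
# (CreateDate is ISO 8601, so a plain text sort orders it correctly).
list_keys_oldest_first() {
    aws iam list-access-keys --user-name "$1" --output text \
        --query 'AccessKeyMetadata[].[AccessKeyId,Status,CreateDate]' | sort -k3
}

# rotate_access_key USER ALLOW_DELETE
#   ALLOW_DELETE=yes lets the function delete the oldest key when the user is
#   already at the two-key limit; anything else makes it stop before changing
#   anything, so the existing key keeps working while the operator decides.
#   Prints "NewAccessKeyId<TAB>NewSecretAccessKey"; as in the console, this is
#   the only time the secret is shown.
rotate_access_key() {
    user=$1
    allow_delete=$2

    keys=$(list_keys_oldest_first "$user")
    total=$(printf '%s\n' "$keys" | grep -c . || true)
    oldest=$(printf '%s\n' "$keys" | head -n 1 | cut -f1)

    if [ "$total" -ge "$MAX_KEYS_PER_USER" ] && [ "$allow_delete" != yes ]; then
        echo "rotate_access_key: $user already has $total keys; nothing changed" >&2
        return 1
    fi

    # "Make inactive" on every key that is still Active (the post's good
    # practice: one pair active at a time). Deactivation is reversible, so a
    # dependency that breaks can be repaired by re-enabling the key.
    while read -r key_id status created; do
        [ -n "$key_id" ] || continue
        if [ "$status" = Active ]; then
            aws iam update-access-key --user-name "$user" \
                --access-key-id "$key_id" --status Inactive
        fi
    done <<EOF
$keys
EOF

    # Delete (the small x in the console) only to make room; this is irreversible.
    if [ "$total" -ge "$MAX_KEYS_PER_USER" ]; then
        aws iam delete-access-key --user-name "$user" --access-key-id "$oldest"
    fi

    # "Create access key": the new pair, secret included, exactly once.
    aws iam create-access-key --user-name "$user" --output text \
        --query 'AccessKey.[AccessKeyId,SecretAccessKey]'
}

# Stand-alone use with a placeholder user name:  ./rotate-key.sh demo-user yes
if [ "${1:-}" != "" ]; then
    rotate_access_key "$1" "${2:-no}"
fi
```

Run it once with the second argument omitted to see whether the user is at the limit; it exits non-zero and changes nothing in that case, and only a second run with yes deletes the oldest (already inactive) key before creating the new pair.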