How to generate access key & secret key for AWS roles

11,846

Solution 1

An IAM Role can only be used by an IAM User. This is because the User needs to authenticate to AWS to prove that they are that user. This will then provide IAM User credentials.

If you then wish to use a role, you can use the User credentials to call Use-STSRole, which will assume the role and return a set of credentials associated with the Role. (Note: The credentials will expire after a period of time, typically one hour.)

For more details, see: Switching to an IAM Role (Tools for Windows PowerShell)
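The flow described in this answer, as an added example that is not part of the original answer: an IAM User profile signs the `Use-STSRole` call, and the temporary role credentials it returns are passed to later cmdlets. The profile name `my-iam-user`, the role ARN, the session name and the helper function names are assumptions made for illustration.

```powershell
# Added example (not from the original answer). All names below are placeholders.
# One-time setup, run interactively with the IAM User's own key pair:
#   Set-AWSCredential -AccessKey <access-key-id> -SecretKey <secret-key> -StoreAs my-iam-user
Import-Module AWS.Tools.SecurityToken   # or the monolithic AWSPowerShell module

function Get-RoleSession {
    param(
        [Parameter(Mandatory)] [string] $RoleArn,
        [Parameter(Mandatory)] [string] $UserProfile,
        [string] $SessionName = 'powershell-session',
        [int]    $DurationInSeconds = 3600
    )
    # The AssumeRole call must be signed with IAM User credentials. Without
    # -ProfileName (or a default profile) it fails with:
    #   "No credentials specified or obtained from persisted/shell defaults."
    $response = Use-STSRole -RoleArn $RoleArn `
                            -RoleSessionName $SessionName `
                            -DurationInSeconds $DurationInSeconds `
                            -ProfileName $UserProfile
    # Temporary AccessKeyId / SecretAccessKey / SessionToken plus Expiration.
    $response.Credentials
}

function Test-RoleSessionExpiring {
    param(
        [Parameter(Mandatory)] $Credentials,
        [int] $SkewSeconds = 300
    )
    # True when the session ends within the skew window, so callers can
    # refresh before a long-running script starts failing mid-way.
    $deadline = (Get-Date).ToUniversalTime().AddSeconds($SkewSeconds)
    $Credentials.Expiration.ToUniversalTime() -lt $deadline
}

$roleArn = 'arn:aws:iam::111122223333:role/ExampleRole'   # placeholder ARN
$creds   = Get-RoleSession -RoleArn $roleArn -UserProfile 'my-iam-user'

# Confirm the session really runs as the role, not as the user.
(Get-STSCallerIdentity -Credential $creds).Arn

# Refresh before expiry instead of storing the temporary keys on disk.
if (Test-RoleSessionExpiring -Credentials $creds) {
    $creds = Get-RoleSession -RoleArn $roleArn -UserProfile 'my-iam-user'
}
```

Pass `-Credential $creds` to any other AWS cmdlet that should run under the role; the temporary keys stay in memory for the life of the session only.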

Solution 2

You do not generate IAM Access Key / Secret Key for roles. AWS generates these for you and makes them available in the instance's metadata.

The AWS Tools for Windows PowerShell will automatically extract the access key / secret key from the instance's metadata if you have installed PowerShell and the AWS Tools correctly.

This link will provide more information about PowerShell and IAM Roles:

IAM Roles for EC2

[Update after new comment]

If your goal is to generate IAM access keys for a new user, log in to the AWS console, go to IAM, go to Users, click Add User, click "Programmatic access", then set permissions for the user and finish by creating the user. The access keys will be on the next screen. You need to download (or copy) the Secret access key as it will NOT be shown again.

For an existing user, click on the user, click on the "Security credentials" tab, then click the "Create access key" button. Copy or download the keys. Note: You cannot access previously created access keys. If you have lost the secret access key, then you have to generate new ones.

Managing Access Keys for Your AWS Account

Author by

Admin

Updated on July 30, 2022

Comments

  • Admin
    Admin over 1 year

    I want to manage my AWS environment using PowerShell. We are getting access through IAM roles. I am having trouble generating the access key & secret key for my IAM role. Can someone guide me on how I can generate these keys?

  • Admin
    Admin over 6 years
    Hi John, we are trying to connect to our AWS from our local machine. We are members of an LDAP directory group through which we are getting access to the AWS console. We will require an access key & secret to make a connection to AWS. Kindly guide me on how I can generate these keys step by step.
  • Admin
    Admin over 6 years
    When I am using this command, it gives the error below: Use-STSRole : No credentials specified or obtained from persisted/shell defaults.
  • John Rotenstein
    John Rotenstein over 6 years
    Correct. You need to provide credentials from an IAM User to call that function. Otherwise, anyone in the world could do it and gain access to the system. Merely having a role is not sufficient, unless you are running directly on an EC2 instance.
  • Nico Haase
    Nico Haase about 4 years
    Please add some explanation to your answer such that others can learn from it