AWS::IAM::AccessKey - Amazon CloudFormation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::IAM::AccessKey

Creates a new Amazon secret access key and corresponding Amazon access key ID for the specified user. The default status for new keys is Active.

For information about quotas on the number of keys you can create, see IAM and Amazon STS quotas in the IAM User Guide.

Important

To ensure the security of your Amazon Web Services account, the secret access key is accessible only during key and user creation. You must save the key (for example, in a text file) if you want to be able to access it again. If a secret key is lost, you can rotate access keys by increasing the value of the serial property.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{ "Type" : "AWS::IAM::AccessKey", "Properties" : { "Serial" : Integer, "Status" : String, "UserName" : String } }

YAML

Type: AWS::IAM::AccessKey Properties: Serial: Integer Status: String UserName: String

Properties

Serial

This value is specific to CloudFormation and can only be incremented. Incrementing this value notifies CloudFormation that you want to rotate your access key. When you update your stack, CloudFormation will replace the existing access key with a new key.

Required: No

Type: Integer

Update requires: Replacement

Status

The status of the access key. Active means that the key is valid for API calls, while Inactive means it is not.

Required: No

Type: String

Allowed values: Active | Inactive

Update requires: No interruption

UserName

The name of the IAM user that the new key will belong to.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

Required: Yes

Type: String

Pattern: [\w+=,.@-]+

Minimum: 1

Maximum: 128

Update requires: Replacement

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the AccessKeyId. For example: AKIAIOSFODNN7EXAMPLE.

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

SecretAccessKey

Returns the secret access key for the specified AWS::IAM::AccessKey resource. For example: wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY.

See also