AWS::IAM::AccessKey - Amazon CloudFormation
SyntaxPropertiesReturn valuesSee also
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

This is the new Amazon CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the Amazon CloudFormation User Guide.

AWS::IAM::AccessKey

Creates a new Amazon secret access key and corresponding Amazon access key ID for the specified user. The default status for new keys is Active.

For information about quotas on the number of keys you can create, see IAM and Amazon STS quotas in the IAM User Guide.

Important

To ensure the security of your Amazon Web Services account, the secret access key is accessible only during key and user creation. You must save the key (for example, in a text file) if you want to be able to access it again. If a secret key is lost, you can rotate access keys by increasing the value of the serial property.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::IAM::AccessKey",
  "Properties" : {
      "Serial" : Integer,
      "Status" : String,
      "UserName" : String
    }
}

YAML

Type: AWS::IAM::AccessKey
Properties:
  Serial: Integer
  Status: String
  UserName: String

Properties

Serial

This value is specific to CloudFormation and can only be incremented. Incrementing this value notifies CloudFormation that you want to rotate your access key. When you update your stack, CloudFormation will replace the existing access key with a new key.

Required: No

Type: Integer

Update requires: Replacement

Status

The status of the access key. Active means that the key is valid for API calls, while Inactive means it is not.

Required: No

Type: String

Allowed values: Active | Inactive | Expired

Update requires: No interruption

UserName

The name of the IAM user that the new key will belong to.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

Required: Yes

Type: String

Pattern: [\w+=,.@-]+

Minimum: 1

Maximum: 128

Update requires: Replacement

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the AccessKeyId. For example: AKIAIOSFODNN7EXAMPLE.

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

Id

The ID for this access key.

SecretAccessKey

Returns the secret access key for the specified AWS::IAM::AccessKey resource. For example: wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY.

See also