Creating access keys for the root user - Amazon Identity and Access Management

Creating access keys for the root user

Warning

We strongly recommend that you do not create access key pairs for your root user. Because only a few tasks require the root user and you typically perform those tasks infrequently, we recommend signing in to the Amazon Web Services Management Console to perform the root user tasks. Before creating access keys, review the alternatives to long-term access keys.

Although we don't recommend it, you can create access keys for your root user so that you can run commands in the Amazon Command Line Interface (Amazon CLI) or use API operations from one of the Amazon SDKs using root user credentials. When you create access keys, you create the access key ID and secret access key as a set. During access key creation, Amazon gives you one opportunity to view and download the secret access key part of the access key. If you don't download it or if you lose it, you can delete the access key and then create a new one. You can create root user access keys with the console, Amazon CLI, or Amazon API.

A newly created access key has the status of active, which means that you can use the access key for CLI and API calls. You can assign up to two access keys to the root user.

Access keys that are not in use should be inactivated. Once an access key is inactive, you can't use it for API calls. Inactive keys still count toward your limit. You can create or delete an access key any time. However, when you delete an access key, it's gone forever and can't be retrieved.
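
The key limits described above, applied to a key listing in Python. This is an added example, not part of the original documentation. The sample listing is constructed, shaped like the AccessKeyMetadata output of `aws iam list-access-keys`; `review_root_keys` and the field names in its result are hypothetical.

```python
import json
from datetime import datetime

ROOT_KEY_LIMIT = 2  # per the page: at most two access keys on the root user

# Constructed sample (placeholder key IDs), shaped like the
# AccessKeyMetadata list returned by `aws iam list-access-keys`.
SAMPLE = json.loads("""
{"AccessKeyMetadata": [
  {"UserName": "MyUserName", "AccessKeyId": "AKIAI44QH8DHBEXAMPLE",
   "Status": "Active", "CreateDate": "2023-01-15T09:12:44+00:00"},
  {"UserName": "MyUserName", "AccessKeyId": "AKIAIOSFODNN7EXAMPLE",
   "Status": "Inactive", "CreateDate": "2021-04-08T19:30:16+00:00"}
]}
""")


def review_root_keys(listing, limit=ROOT_KEY_LIMIT):
    """Hypothetical helper: apply the page's key rules to a key listing."""
    keys = sorted(listing.get("AccessKeyMetadata", []),
                  key=lambda k: datetime.fromisoformat(k["CreateDate"]))
    findings = []
    for key in keys:
        if key["Status"] == "Active":
            # Usable for CLI and API calls as root: handle these first.
            action = "deactivate, then delete"
        else:
            # Unusable for API calls, but still occupies one of the slots.
            action = "delete"
        findings.append({"id": key["AccessKeyId"], "status": key["Status"],
                         "action": action})
    # Inactive keys count toward the limit, so count every key.
    slots_free = max(0, limit - len(keys))
    # At the limit, creation is blocked until a key is deleted. Prefer an
    # inactive key, oldest first, because nothing can be using it.
    delete_first = None
    if slots_free == 0 and keys:
        inactive = [k for k in keys if k["Status"] == "Inactive"]
        delete_first = (inactive or keys)[0]["AccessKeyId"]
    return {"findings": findings, "slots_free": slots_free,
            "can_create": slots_free > 0, "delete_first": delete_first}


if __name__ == "__main__":
    print(json.dumps(review_root_keys(SAMPLE), indent=2))
```
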

Amazon Web Services Management Console
To create an access key for the Amazon Web Services account root user
Minimum permissions

To perform the following steps, you must have at least the following IAM permissions:

  • You must sign in as the Amazon Web Services account root user, which requires no additional Amazon Identity and Access Management (IAM) permissions. You can't perform these steps as an IAM user or role.

  1. Use your Amazon Web Services account's email address and password to sign in to the Amazon Web Services Management Console as your Amazon Web Services account root user.

  2. In the upper right corner of the console, choose your account name or number and then choose Security Credentials.

  3. In the Access keys section, choose Create access key. If this option is not available, then you already have the maximum number of access keys. You must delete one of the existing access keys before you can create a new key. For more information, see IAM Object Quotas.

  4. On the Alternatives to root user access keys page, review the security recommendations. To continue, select the check box, and then choose Create access key.

  5. On the Retrieve access key page, your Access key ID is displayed.

  6. Under Secret access key, choose Show, then copy the access key ID and secret key from your browser window and paste them somewhere secure. Alternatively, you can choose Download .csv file, which downloads a file named rootkey.csv that contains the access key ID and the secret key. Save the file somewhere safe.

  7. Choose Done. When you no longer need the access key, we recommend that you delete it, or at least consider deactivating it so that no one can misuse it.

Amazon CLI & SDKs
To create an access key for the root user
Note

To run the following command or API operation as the root user, you must already have one active access key pair. If you don't have any access keys, create the first access key using the Amazon Web Services Management Console. Then, you can use the credentials from that first access key with the Amazon CLI to create the second access key, or to delete an access key.

  • Amazon CLI: aws iam create-access-key

    $ aws iam create-access-key
    {
        "AccessKey": {
            "UserName": "MyUserName",
            "AccessKeyId": "AKIAIOSFODNN7EXAMPLE",
            "Status": "Active",
            "SecretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
            "CreateDate": "2021-04-08T19:30:16+00:00"
        }
    }

  • Amazon API: CreateAccessKey in the IAM API Reference.