The Amazon SDK for Java 1.x has entered maintenance mode as of July 31, 2024,
and will reach end-of-support
Managing IAM Access Keys
Creating an Access Key
To create an IAM access key, call the AmazonIdentityManagementClient's createAccessKey method with a CreateAccessKeyRequest object.
CreateAccessKeyRequest has two constructors: one that takes a user name and another with no parameters. If you use the version that takes no parameters, you must set the user name using the withUserName setter method before passing it to the createAccessKey method.
Imports
import com.amazonaws.services.identitymanagement.AmazonIdentityManagement;
import com.amazonaws.services.identitymanagement.AmazonIdentityManagementClientBuilder;
import com.amazonaws.services.identitymanagement.model.CreateAccessKeyRequest;
import com.amazonaws.services.identitymanagement.model.CreateAccessKeyResult;
Code
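final AmazonIdentityManagement iam =
    AmazonIdentityManagementClientBuilder.defaultClient();

// user holds the name of the IAM user the key is created for.
CreateAccessKeyRequest request = new CreateAccessKeyRequest()
    .withUserName(user);

// The secret access key is returned only in this response; store it securely.
CreateAccessKeyResult response = iam.createAccessKey(request);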
See the complete example
Listing Access Keys
To list the access keys for a given user, create a ListAccessKeysRequest object that contains the user name to list keys for, and pass it to the AmazonIdentityManagementClient’s listAccessKeys method.
Note
If you do not supply a user name to listAccessKeys, it will attempt to list access keys associated with the Amazon Web Services account that signed the request.
Imports
import com.amazonaws.services.identitymanagement.AmazonIdentityManagement;
import com.amazonaws.services.identitymanagement.AmazonIdentityManagementClientBuilder;
import com.amazonaws.services.identitymanagement.model.AccessKeyMetadata;
import com.amazonaws.services.identitymanagement.model.ListAccessKeysRequest;
import com.amazonaws.services.identitymanagement.model.ListAccessKeysResult;
Code
final AmazonIdentityManagement iam =
    AmazonIdentityManagementClientBuilder.defaultClient();

boolean done = false;
ListAccessKeysRequest request = new ListAccessKeysRequest()
    .withUserName(username);

// Keep requesting pages until the service reports no more results.
while (!done) {
    ListAccessKeysResult response = iam.listAccessKeys(request);

    for (AccessKeyMetadata metadata : response.getAccessKeyMetadata()) {
        System.out.format("Retrieved access key %s%n",
            metadata.getAccessKeyId());
    }

    // The marker tells the next call where the previous page ended.
    request.setMarker(response.getMarker());

    if (!response.getIsTruncated()) {
        done = true;
    }
}
The results of listAccessKeys are paged (with a default maximum of 100 records per call). You can call getIsTruncated on the returned ListAccessKeysResult object to see if the query returned fewer results than are available. If so, then call setMarker on the ListAccessKeysRequest and pass it back to the next invocation of listAccessKeys.
See the complete example
Retrieving an Access Key’s Last Used Time
To get the time an access key was last used, call the AmazonIdentityManagementClient’s getAccessKeyLastUsed method with the access key’s ID (which can be passed in using a GetAccessKeyLastUsedRequest object, or given directly to the overload that takes the access key ID).
You can then use the returned GetAccessKeyLastUsedResult object to retrieve the key’s last used time.
Imports
import com.amazonaws.services.identitymanagement.AmazonIdentityManagement;
import com.amazonaws.services.identitymanagement.AmazonIdentityManagementClientBuilder;
import com.amazonaws.services.identitymanagement.model.GetAccessKeyLastUsedRequest;
import com.amazonaws.services.identitymanagement.model.GetAccessKeyLastUsedResult;
Code
final AmazonIdentityManagement iam =
    AmazonIdentityManagementClientBuilder.defaultClient();

GetAccessKeyLastUsedRequest request = new GetAccessKeyLastUsedRequest()
    .withAccessKeyId(access_id);

GetAccessKeyLastUsedResult response = iam.getAccessKeyLastUsed(request);

System.out.println("Access key was last used at: " +
    response.getAccessKeyLastUsed().getLastUsedDate());
See the complete example
Activating or Deactivating Access Keys
You can activate or deactivate an access key by creating an UpdateAccessKeyRequest object, providing the access key ID, optionally the user name, and the desired Status, then passing the request object to the AmazonIdentityManagementClient’s updateAccessKey method.
Imports
import com.amazonaws.services.identitymanagement.AmazonIdentityManagement;
import com.amazonaws.services.identitymanagement.AmazonIdentityManagementClientBuilder;
import com.amazonaws.services.identitymanagement.model.UpdateAccessKeyRequest;
import com.amazonaws.services.identitymanagement.model.UpdateAccessKeyResult;
Code
final AmazonIdentityManagement iam =
    AmazonIdentityManagementClientBuilder.defaultClient();

UpdateAccessKeyRequest request = new UpdateAccessKeyRequest()
    .withAccessKeyId(access_id)
    .withUserName(username)
    .withStatus(status);

UpdateAccessKeyResult response = iam.updateAccessKey(request);
See the complete example
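The listing, last-used and deactivation calls above combine into a stale-key audit. The following is an added example, not part of the original page or the SDK's samples: the class name DeactivateStaleKeys, the isStale helper, the idle-days threshold and the --apply flag are assumptions made for illustration.

```java
import com.amazonaws.services.identitymanagement.AmazonIdentityManagement;
import com.amazonaws.services.identitymanagement.AmazonIdentityManagementClientBuilder;
import com.amazonaws.services.identitymanagement.model.AccessKeyMetadata;
import com.amazonaws.services.identitymanagement.model.GetAccessKeyLastUsedRequest;
import com.amazonaws.services.identitymanagement.model.ListAccessKeysRequest;
import com.amazonaws.services.identitymanagement.model.ListAccessKeysResult;
import com.amazonaws.services.identitymanagement.model.StatusType;
import com.amazonaws.services.identitymanagement.model.UpdateAccessKeyRequest;
import java.util.Date;
import java.util.concurrent.TimeUnit;

// Added example (hypothetical class name): deactivate a user's stale access keys.
public class DeactivateStaleKeys {
    // Stale = last activity (last use, or creation if never used) older than maxIdleDays.
    static boolean isStale(Date lastUsed, Date created, Date now, long maxIdleDays) {
        Date lastActivity = (lastUsed != null) ? lastUsed : created;
        long idleMs = now.getTime() - lastActivity.getTime();
        return idleMs > TimeUnit.DAYS.toMillis(maxIdleDays);
    }

    public static void main(String[] args) {
        String username = args[0];                  // IAM user to audit
        long maxIdleDays = Long.parseLong(args[1]); // assumed policy threshold, e.g. 90
        boolean apply = args.length > 2 && args[2].equals("--apply"); // default: report only
        AmazonIdentityManagement iam = AmazonIdentityManagementClientBuilder.defaultClient();
        ListAccessKeysRequest list = new ListAccessKeysRequest().withUserName(username);
        ListAccessKeysResult page;
        do {
            page = iam.listAccessKeys(list);
            for (AccessKeyMetadata key : page.getAccessKeyMetadata()) {
                if (!StatusType.Active.toString().equals(key.getStatus())) continue;
                // getLastUsedDate() is null for a key that has never been used.
                Date lastUsed = iam.getAccessKeyLastUsed(new GetAccessKeyLastUsedRequest()
                        .withAccessKeyId(key.getAccessKeyId()))
                        .getAccessKeyLastUsed().getLastUsedDate();
                if (!isStale(lastUsed, key.getCreateDate(), new Date(), maxIdleDays)) continue;
                System.out.format("Stale key %s (last used: %s)%n", key.getAccessKeyId(), lastUsed);
                if (apply) {
                    // Deactivate rather than delete so the key can be re-enabled if needed.
                    iam.updateAccessKey(new UpdateAccessKeyRequest()
                            .withAccessKeyId(key.getAccessKeyId())
                            .withUserName(username)
                            .withStatus(StatusType.Inactive));
                }
            }
            list.setMarker(page.getMarker());
        } while (Boolean.TRUE.equals(page.getIsTruncated()));
    }
}
```

Without --apply the program only reports stale keys, so the list can be reviewed before any key is deactivated.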
Deleting an Access Key
To permanently delete an access key, call the AmazonIdentityManagementClient’s deleteAccessKey method, providing it with a DeleteAccessKeyRequest containing the access key’s ID and username.
Note
Once deleted, a key can no longer be retrieved or used. To temporarily deactivate a key so that it can be activated again later, use the updateAccessKey method instead.
Imports
import com.amazonaws.services.identitymanagement.AmazonIdentityManagement;
import com.amazonaws.services.identitymanagement.AmazonIdentityManagementClientBuilder;
import com.amazonaws.services.identitymanagement.model.DeleteAccessKeyRequest;
import com.amazonaws.services.identitymanagement.model.DeleteAccessKeyResult;
Code
final AmazonIdentityManagement iam =
    AmazonIdentityManagementClientBuilder.defaultClient();

DeleteAccessKeyRequest request = new DeleteAccessKeyRequest()
    .withAccessKeyId(access_key)
    .withUserName(username);

DeleteAccessKeyResult response = iam.deleteAccessKey(request);
See the complete example
More Information
- CreateAccessKey in the IAM API Reference
- ListAccessKeys in the IAM API Reference
- GetAccessKeyLastUsed in the IAM API Reference
- UpdateAccessKey in the IAM API Reference
- DeleteAccessKey in the IAM API Reference