Managing IAM Access Keys - Amazon SDK for JavaScript
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

We announced the upcoming end-of-support for Amazon SDK for JavaScript v2. We recommend that you migrate to Amazon SDK for JavaScript v3. For dates, additional details, and information on how to migrate, please refer to the linked announcement.

Managing IAM Access Keys

JavaScript code example that applies to Node.js execution

This Node.js code example shows:

  • How to manage the access keys of your users.

The Scenario

Users need their own access keys to make programmatic calls to Amazon from the SDK for JavaScript. To fill this need, you can create, modify, view, or rotate access keys (access key IDs and secret access keys) for IAM users. By default, when you create an access key, its status is Active, which means the user can use the access key for API calls.

In this example, a series of Node.js modules are used manage access keys in IAM. The Node.js modules use the SDK for JavaScript to manage IAM access keys using these methods of the AWS.IAM client class:

For more information about IAM access keys, see Access Keys in the IAM User Guide.

Prerequisite Tasks

To set up and run this example, you must first complete these tasks:

Creating Access Keys for a User

Create a Node.js module with the file name iam_createaccesskeys.js. Be sure to configure the SDK as previously shown. To access IAM, create an AWS.IAM service object. Create a JSON object containing the parameters needed to create new access keys, which includes IAM user's name. Call the createAccessKey method of the AWS.IAM service object.

// Load the AWS SDK for Node.js var AWS = require("aws-sdk"); // Set the region AWS.config.update({ region: "REGION" }); // Create the IAM service object var iam = new AWS.IAM({ apiVersion: "2010-05-08" }); iam.createAccessKey({ UserName: "IAM_USER_NAME" }, function (err, data) { if (err) { console.log("Error", err); } else { console.log("Success", data.AccessKey); } });

To run the example, type the following at the command line. Be sure to pipe the returned data to a text file in order not to lose the secret key, which can only be provided once.

node iam_createaccesskeys.js > newuserkeys.txt

This sample code can be found here on GitHub.

Listing a User's Access Keys

Create a Node.js module with the file name iam_listaccesskeys.js. Be sure to configure the SDK as previously shown. To access IAM, create an AWS.IAM service object. Create a JSON object containing the parameters needed to retrieve the user's access keys, which includes IAM user's name and optionally the maximum number of access key pairs you want listed. Call the listAccessKeys method of the AWS.IAM service object.

// Load the AWS SDK for Node.js var AWS = require("aws-sdk"); // Set the region AWS.config.update({ region: "REGION" }); // Create the IAM service object var iam = new AWS.IAM({ apiVersion: "2010-05-08" }); var params = { MaxItems: 5, UserName: "IAM_USER_NAME", }; iam.listAccessKeys(params, function (err, data) { if (err) { console.log("Error", err); } else { console.log("Success", data); } });

To run the example, type the following at the command line.

node iam_listaccesskeys.js

This sample code can be found here on GitHub.

Getting the Last Use for Access Keys

Create a Node.js module with the file name iam_accesskeylastused.js. Be sure to configure the SDK as previously shown. To access IAM, create an AWS.IAM service object. Create a JSON object containing the parameters needed to create new access keys, which is the access key ID for which you want the last use information. Call the getAccessKeyLastUsed method of the AWS.IAM service object.

// Load the AWS SDK for Node.js var AWS = require("aws-sdk"); // Set the region AWS.config.update({ region: "REGION" }); // Create the IAM service object var iam = new AWS.IAM({ apiVersion: "2010-05-08" }); iam.getAccessKeyLastUsed( { AccessKeyId: "ACCESS_KEY_ID" }, function (err, data) { if (err) { console.log("Error", err); } else { console.log("Success", data.AccessKeyLastUsed); } } );

To run the example, type the following at the command line.

node iam_accesskeylastused.js

This sample code can be found here on GitHub.

Updating Access Key Status

Create a Node.js module with the file name iam_updateaccesskey.js. Be sure to configure the SDK as previously shown. To access IAM, create an AWS.IAM service object. Create a JSON object containing the parameters needed to update the status of an access keys, which includes the access key ID and the updated status. The status can be Active or Inactive. Call the updateAccessKey method of the AWS.IAM service object.

// Load the AWS SDK for Node.js var AWS = require("aws-sdk"); // Set the region AWS.config.update({ region: "REGION" }); // Create the IAM service object var iam = new AWS.IAM({ apiVersion: "2010-05-08" }); var params = { AccessKeyId: "ACCESS_KEY_ID", Status: "Active", UserName: "USER_NAME", }; iam.updateAccessKey(params, function (err, data) { if (err) { console.log("Error", err); } else { console.log("Success", data); } });

To run the example, type the following at the command line.

node iam_updateaccesskey.js

This sample code can be found here on GitHub.

Deleting Access Keys

Create a Node.js module with the file name iam_deleteaccesskey.js. Be sure to configure the SDK as previously shown. To access IAM, create an AWS.IAM service object. Create a JSON object containing the parameters needed to delete access keys, which includes the access key ID and the name of the user. Call the deleteAccessKey method of the AWS.IAM service object.

// Load the AWS SDK for Node.js var AWS = require("aws-sdk"); // Set the region AWS.config.update({ region: "REGION" }); // Create the IAM service object var iam = new AWS.IAM({ apiVersion: "2010-05-08" }); var params = { AccessKeyId: "ACCESS_KEY_ID", UserName: "USER_NAME", }; iam.deleteAccessKey(params, function (err, data) { if (err) { console.log("Error", err); } else { console.log("Success", data); } });

To run the example, type the following at the command line.

node iam_deleteaccesskey.js

This sample code can be found here on GitHub.