Avinash Jaiswal

Reputation: 153

How to generate access key & secret key for AWS roles

I want to manage my AWS environment using PowerShell. We are getting access through IAM roles. I am having trouble generating the access key & secret key for my IAM role. Can someone guide me on how I can generate these keys?

Upvotes: 13

Views: 46754

Answers (3)

rsilva

Reputation: 29

According to the AWS docs, there is a way through the API:

TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` \
&& curl -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/meta-data/iam/security-credentials/*role_name*

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

Upvotes: 1

John Rotenstein

Reputation: 269151

An IAM Role can only be used by an IAM User. This is because the User needs to authenticate to AWS to prove that they are that user. This will then provide IAM User credentials.

If you then wish to use a role, you can use the User credentials to call Use-STSRole, which will assume the role and return a set of credentials associated with the Role. (Note: The credentials will expire after a period of time, typically one hour.)

For more details, see: Switching to an IAM Role (Tools for Windows PowerShell)

Upvotes: 3
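
The role-assumption flow described in the answer above, as an added PowerShell example that is not part of the original answer. It assumes the AWS Tools for PowerShell are installed and the session already holds user credentials allowed to call sts:AssumeRole; the account ID, role name and session name are placeholders, and Get-RoleCredential is a hypothetical helper.

```powershell
# Added example. Requires the AWS Tools for PowerShell (Use-STSRole, Get-STSCallerIdentity).
# Placeholder values: replace with your own account ID, role and session name.
$RoleArn     = 'arn:aws:iam::123456789012:role/ExampleRole'
$SessionName = 'powershell-admin'
$script:RoleCreds = $null   # in-memory cache only; nothing is written to disk

# Hypothetical helper: returns temporary role credentials, re-assuming the
# role when the cached set is missing or within $RefreshMarginMinutes of expiry.
function Get-RoleCredential {
    param(
        [string]$Arn = $RoleArn,
        [int]$RefreshMarginMinutes = 5
    )
    $cutoff = (Get-Date).ToUniversalTime().AddMinutes($RefreshMarginMinutes)
    if ($script:RoleCreds -and
        $script:RoleCreds.Expiration.ToUniversalTime() -gt $cutoff) {
        return $script:RoleCreds
    }
    # Uses the caller's existing user credentials to call sts:AssumeRole.
    $response = Use-STSRole -RoleArn $Arn -RoleSessionName $SessionName -DurationInSeconds 3600
    $script:RoleCreds = $response.Credentials
    return $script:RoleCreds
}

$creds = Get-RoleCredential

# Confirm the credentials really belong to the role before doing any work.
$identity = Get-STSCallerIdentity -Credential $creds
if ($identity.Arn -notlike '*:assumed-role/ExampleRole/*') {
    throw "Unexpected identity: $($identity.Arn)"
}

# A role's key pair is only valid together with its session token.
"AccessKeyId : $($creds.AccessKeyId)"
"Expires     : $($creds.Expiration)"
# $creds.SecretAccessKey and $creds.SessionToken are present but not printed.

# Pass the credential object to each cmdlet instead of storing keys in a profile.
Get-S3Bucket -Credential $creds | Select-Object BucketName
```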

John Hanley

Reputation: 81336

You do not generate IAM Access Key / Secret Key for roles. AWS generates these for you and makes them available in the instance's metadata.

The AWS Tools for Windows PowerShell will automatically extract the access key / secret key from the instance's metadata if you have installed PowerShell and the AWS Tools correctly.

This link will provide more information about PowerShell and IAM Roles:

IAM Roles for EC2

[Update after new comment]

If your goal is to generate IAM access keys for a new user, log in to the AWS console, go to IAM, go to Users, Add User, click "Programmatic access", then set permissions for the user and finish by creating the user. On the next screen will be the access keys. You need to download (or copy) the secret access key as it will NOT be shown again.

For an existing user, click on the user, click on the "Security credentials" tab, then click the "Create access key" button. Copy or download the keys. Note: You cannot access previously created access keys. If you have lost the secret access key, then you have to generate new ones.

Managing Access Keys for Your AWS Account

Upvotes: 3
