To successfully send requests to AWS APIs, you need to have a valid set of security credentials called access keys. These access keys have two parts:

  • Access key ID example: AKIAIOSFODNN7EXAMPLE
  • Secret access key example: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

Access keys are primarily used by AWS for two purposes:

  • Check who sent the API request.
  • Determine if that user is allowed to do what they're asking to do.

On this page, we walk you through the necessary steps for generating an access key ID and secret access key pair for your account.

Access keys are tied to a specific AWS account (often referred to as a root account). If you already have an AWS account, you can skip this section and continue in the "Create Access Keys" section.

If you don't have an AWS account, you'll need to create one before you'll be able to create access keys. New AWS customers are eligible for 12 months of our Free Usage Tier.

Create Free Account »

For security purposes, the account creation process requires a valid credit card and phone number.

Creating access keys and managing their permissions is done through the AWS Identity and Access Management (IAM) console. It is a best practice to create individual users to access your AWS account and never share the root account credentials with anyone else. Follow these steps to create a demo user that is capable of accessing only a subset of the account's resources.

1.    Go to the IAM console.

2.    From the main page, click Create a New Group of Users.

3.    In the window that appears, type in a group name (such as sdk_demo_access) and then click Continue.

4.    From the Select Policy Template section, find Amazon S3 Full Access and then click Select.

  • If you already know you'll need access to a different service, select a different policy template or create your own.

5.    The next window shows you what the raw IAM policy looks like. For the purpose of this demo, accept the default policy and click Continue.

6.    Make sure the Create New Users tab is selected, and then type in a username (such as sdk_demo) in the first text box.

7.    Leave Generate an access key for each User checked. This is necessary for creating our access keys.

8.    Click Continue.

9.    Review the new group and user list for errors, and then click Continue.

10.    The last window contains the actual access keys. Click Download Credentials and save the file to a safe location.

11.    When you are finished, click Close Window.

For more information, see Creating an Admins Group Using the Console in the IAM User Guide.