AWS CloudFormation
User Guide (API Version 2010-05-15)


The AWS::IAM::AccessKey resource type generates a secret access key and assigns it to an IAM user or AWS account.

This type supports updates. For more information about updating stacks, see AWS CloudFormation Stacks Updates.


   "Type": "AWS::IAM::AccessKey",
   "Properties": {
      "Serial": Integer,
      "Status": String,
      "UserName": String



Serial

This value is specific to AWS CloudFormation and can only be incremented. Incrementing this value notifies AWS CloudFormation that you want to rotate your access key. When you update your stack, AWS CloudFormation will replace the existing access key with a new key.

Required: No

Type: Integer

Update requires: Replacement


Status

The status of the access key.

Required: Yes

Type: String

Valid values: "Active" or "Inactive"

Update requires: No interruption


UserName

The name of the user that the new key will belong to.

Required: Yes

Type: String

Update requires: Replacement

Return Values


Specifying this resource ID to the intrinsic Ref function will return the AccessKeyId. For example: AKIAIOSFODNN7EXAMPLE.

For more information about using the Ref function, see Ref.


Fn::GetAtt returns a value for a specified attribute of this type. This section lists the available attributes and corresponding return values.


SecretAccessKey

Returns the secret access key for the specified AWS::IAM::AccessKey resource. For example: wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY.

For more information about using Fn::GetAtt, see Fn::GetAtt.

Template Examples

To view AWS::IAM::AccessKey snippets, see Declaring an IAM Access Key Resource.
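
An added example, not part of the AWS documentation: a Python check that applies the property rules above (UserName and Status required, Status limited to "Active" or "Inactive", Serial an integer) to a template and reports any stack output that reads the key's SecretAccessKey through Fn::GetAtt, since output values are readable by anyone who can describe the stack. The sample template, its logical IDs and the function names are constructed for illustration.

```python
import json

# Constructed sample template (not from the original page): CiKey is valid but
# its secret is published as a stack output; BadKey breaks the property rules.
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "CiUser": {"Type": "AWS::IAM::User"},
    "CiKey": {"Type": "AWS::IAM::AccessKey",
              "Properties": {"Serial": 2, "Status": "Active", "UserName": {"Ref": "CiUser"}}},
    "BadKey": {"Type": "AWS::IAM::AccessKey", "Properties": {"Serial": "2", "Status": "Enabled"}}
  },
  "Outputs": {
    "KeyId": {"Value": {"Ref": "CiKey"}},
    "KeySecret": {"Value": {"Fn::GetAtt": ["CiKey", "SecretAccessKey"]}}
  }
}
""")

def secret_refs(node, key_id, path=""):
    """Yield template paths where Fn::GetAtt reads key_id's SecretAccessKey."""
    if isinstance(node, dict):
        # Accept both the list form and the "Id.Attribute" string form.
        if node.get("Fn::GetAtt") in ([key_id, "SecretAccessKey"], f"{key_id}.SecretAccessKey"):
            yield path
        for k, v in node.items():
            yield from secret_refs(v, key_id, f"{path}/{k}")
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from secret_refs(v, key_id, f"{path}/{i}")

def audit_access_keys(template):
    """Return {logical_id: [findings]} for every AWS::IAM::AccessKey resource."""
    report = {}
    for rid, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::AccessKey":
            continue
        props, out = res.get("Properties", {}), []
        if "UserName" not in props:
            out.append("UserName is required")
        if props.get("Status") not in ("Active", "Inactive"):
            out.append('Status is required and must be "Active" or "Inactive"')
        serial = props.get("Serial")
        if serial is not None and (isinstance(serial, bool) or not isinstance(serial, int)):
            out.append("Serial must be an integer")
        for p in secret_refs(template.get("Outputs", {}), rid, "/Outputs"):
            out.append(f"SecretAccessKey exposed in stack output at {p}")
        report[rid] = out
    return report
```

Outputs that use Ref (the AccessKeyId) are not reported; only references to the SecretAccessKey attribute are.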