|« PreviousNext »|
|Did this page help you? Yes | No | Tell us about it...|
This section describes how to create and manage access keys and signing certificates (also known as X.509 certificates) for IAM users. Each user needs access keys (an access key ID and a secret access key) to make programmatic calls to AWS using the command-line interface (CLI), the AWS SDKs, or direct HTTP calls using the APIs for individual services.
Some services also support the use of signing certificates. For example:
Amazon EC2 originally supported the SOAP protocol for making service calls; SOAP-based calls use a signing certificate in order to digitally sign the requests. However, support for SOAP in Amazon EC2 is being deprecated, and we recommend that instead you use query requests. For more information, see Making API Requests in the Amazon Elastic Compute Cloud User Guide.
The command-line interfaces (CLI) for some services support both access keys and certificates. In these cases, we recommend that you configure the CLI using access keys.
Each user can have two sets of active keys and two certificates for the purposes of credential rotation. For more information about the number of allowed for IAM entities, see Limitations on IAM Entities.