Menu
AWS SDK for JavaScript
Developer Guide for SDK version 2.122.0

Managing IAM Access Keys


                                        Relationship between JavaScript environments, the SDK, and Lambda

This Node.js example shows you how to manage the access keys of your users.

The Scenario

Users need their own access keys to make programmatic calls to AWS from the SDK for JavaScript. To fill this need, you can create, modify, view, or rotate access keys (access key IDs and secret access keys) for IAM users. By default, when you create an access key, its status is Active, which means the user can use the access key for API calls.

In this example, a series of Node.js modules are used manage access keys in IAM. The Node.js modules use the SDK for JavaScript to manage IAM access keys using these methods of the AWS.IAM client class:

For more information about IAM access keys, see Access Keys in the IAM User Guide.

Prerequisite Tasks

To set up and run this example, you must first complete these tasks:

Configuring the SDK

Configure the SDK for JavaScript by creating a global configuration object, setting the region, and providing credentials for your code. In this example, the credentials are provided using the JSON file you created.

Copy
// Load the SDK for JavaScript var AWS = require('aws-sdk'); // Load credentials and set the region from the JSON file AWS.config.loadFromPath('./config.json');

Creating Access Keys for a User

Create a Node.js module with the file name iam_createaccesskeys.js. Be sure to configure the SDK as previously shown. To access IAM, create an AWS.IAM service object. Create a JSON object containing the parameters needed to create new access keys, which includes IAM user's name. Call the createAccessKey method of the AWS.IAM service object.

Copy
// Load the AWS SDK for Node.js var AWS = require('aws-sdk'); // Load credentials and set region from JSON file AWS.config.loadFromPath('./config.json'); // Create the IAM service object var iam = new AWS.IAM({apiVersion: '2010-05-08'}); iam.createAccessKey({UserName: 'IAM_USER_NAME'}, function(err, data) { if (err) { throw err; } else { console.log("Success", data.AccessKey); } });

To run the example, type the following at the command line. Be sure to pipe the returned data to a text file in order not to lose the secret key, which can only be provided once.

Copy
node iam_createaccesskeys.js > newuserkeys.txt

This sample code can be found here on GitHub.

Listing a User's Access Keys

Create a Node.js module with the file name iam_listaccesskeys.js. Be sure to configure the SDK as previously shown. To access IAM, create an AWS.IAM service object. Create a JSON object containing the parameters needed to retrieve the user's access keys, which includes IAM user's name and optionally the maximum number of access key pairs you want listed. Call the listAccessKeys method of the AWS.IAM service object.

Copy
// Load the AWS SDK for Node.js var AWS = require('aws-sdk'); // Load the credentials and set region from JSON file AWS.config.loadFromPath('./config.json'); // Create the IAM service object var iam = new AWS.IAM({apiVersion: '2010-05-08'}); var params = { MaxItems: 5, UserName: 'IAM_USER_NAME' }; iam.listAccessKeys(params, function(err, data) { if (err) { throw err; } else { console.log("Success", data); } });

To run the example, type the following at the command line.

Copy
node iam_listaccesskeys.js

This sample code can be found here on GitHub.

Getting the Last Use for Access Keys

Create a Node.js module with the file name iam_accesskeylastused.js. Be sure to configure the SDK as previously shown. To access IAM, create an AWS.IAM service object. Create a JSON object containing the parameters needed to create new access keys, which is the access key ID for which you want the last use information. Call the getAccessKeyLastUsed method of the AWS.IAM service object.

Copy
// Load the AWS SDK for Node.js var AWS = require('aws-sdk'); // Load the credentials and set region from JSON file AWS.config.loadFromPath('./config.json'); // Create the IAM service object var iam = new AWS.IAM({apiVersion: '2010-05-08'}); iam.getAccessKeyLastUsed({AccessKeyId: 'ACCESS_KEY_ID'}, function(err, data) { if (err) { throw err; } else { console.log("Last Access Key used: " + data.AccessKeyLastUsed); } });

To run the example, type the following at the command line.

Copy
node iam_accesskeylastused.js

This sample code can be found here on GitHub.

Updating Access Key Status

Create a Node.js module with the file name iam_updateaccesskey.js. Be sure to configure the SDK as previously shown. To access IAM, create an AWS.IAM service object. Create a JSON object containing the parameters needed to update the status of an access keys, which includes the access key ID and the updated status. The status can be Active or Inactive. Call the updateAccessKey method of the AWS.IAM service object.

Copy
// Load the AWS SDK for Node.js var AWS = require('aws-sdk'); // Load the credentials and set region from JSON file AWS.config.loadFromPath('./config.json'); // Create the IAM service object var iam = new AWS.IAM({apiVersion: '2010-05-08'}); var params = { AccessKeyId: 'ACCESS_KEY_ID', Status: 'Active', UserName: 'USER_NAME' }; iam.updateAccessKey(params, function(err, data) { if (err) { throw err; } else { console.log('Access Key updated.'); } });

To run the example, type the following at the command line.

Copy
node iam_updateaccesskey.js

This sample code can be found here on GitHub.

Deleting Access Keys

Create a Node.js module with the file name iam_deleteaccesskey.js. Be sure to configure the SDK as previously shown. To access IAM, create an AWS.IAM service object. Create a JSON object containing the parameters needed to delete access keys, which includes the access key ID and the name of the user. Call the deleteAccessKey method of the AWS.IAM service object.

Copy
// Load the AWS SDK for Node.js var AWS = require('aws-sdk'); // Load the credentials and set region from JSON file AWS.config.loadFromPath('./config.json'); // Create the IAM service object var iam = new AWS.IAM({apiVersion: '2010-05-08'}); var params = { AccessKeyId: 'ACCESS_KEY_ID', UserName: 'USER_NAME' }; iam.deleteAccessKey(params, function(err, data) { if (err) { throw err); } else { console.log("Success", data); } });

To run the example, type the following at the command line.

Copy
node iam_deleteaccesskey.js

This sample code can be found here on GitHub.