AWS CloudFormation
User Guide (API Version 2010-05-15)


The AWS::IAM::AccessKey resource type generates a secret access key and assigns it to an IAM user or AWS account.

This type supports updates. For more information about updating stacks, see AWS CloudFormation Stacks Updates.


To declare this entity in your AWS CloudFormation template, use the following syntax:


{ "Type": "AWS::IAM::AccessKey", "Properties": { "Serial": Integer, "Status": String, "UserName": String } }


Type: AWS::IAM::AccessKey Properties: Serial: Integer Status: String UserName: String



This value is specific to AWS CloudFormation and can only be incremented. Incrementing this value notifies AWS CloudFormation that you want to rotate your access key. When you update your stack, AWS CloudFormation will replace the existing access key with a new key.

Required: No

Type: Integer

Update requires: Replacement


The status of the access key. By default, AWS CloudFormation sets this property value to Active.

Required: No

Type: String

Valid values: Active or Inactive

Update requires: No interruption


The name of the user that the new key will belong to.

Required: Yes

Type: String

Update requires: Replacement

Return Values


Specifying this resource ID to the intrinsic Ref function will return the AccessKeyId. For example: AKIAIOSFODNN7EXAMPLE.

For more information about using the Ref function, see Ref.


Fn::GetAtt returns a value for a specified attribute of this type. The following are the available attributes and sample return values.


Returns the secret access key for the specified AWS::IAM::AccessKey resource. For example: wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY.

For more information about using Fn::GetAtt, see Fn::GetAtt.

Template Examples

To view AWS::IAM::AccessKey snippets, see Declaring an IAM Access Key Resource.