CreateServiceSpecificCredential - AWS Identity and Access Management
Request SyntaxRequest ParametersResponse SyntaxResponse ElementsErrorsExamplesSee Also

CreateServiceSpecificCredential

Generates a set of credentials consisting of a user name and password that can be used to access the service specified in the request. These credentials are generated by IAM, and can be used only for the specified service.

You can have a maximum of two sets of service-specific credentials for each supported service per user.

You can create service-specific credentials for AWS CodeCommit and Amazon Keyspaces (for Apache Cassandra).

You can reset the password to a new service-generated value by calling ResetServiceSpecificCredential.

For more information about service-specific credentials, see Using IAM with AWS CodeCommit: Git credentials, SSH keys, and AWS access keys in the IAM User Guide.

Request Syntax

{
   "ServiceName": "string",
   "UserName": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

ServiceName

The name of the AWS service that is to be associated with the credentials. The service you specify here is the only service that can be accessed using these credentials.

Type: String

Required: Yes

UserName

The name of the IAM user that is to be associated with the credentials. The new service-specific credentials have the same permissions as the associated user except that they can be used only to access the specified service.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

Type: String

Length Constraints: Minimum length of 1. Maximum length of 64.

Pattern: [\w+=,.@-]+

Required: Yes

Response Syntax

{
   "ServiceSpecificCredential": { 
      "CreateDate": number,
      "ServiceName": "string",
      "ServicePassword": "string",
      "ServiceSpecificCredentialId": "string",
      "ServiceUserName": "string",
      "Status": "string",
      "UserName": "string"
   }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

ServiceSpecificCredential

A structure that contains information about the newly created service-specific credential.

Important

This is the only time that the password for this credential set is available. It cannot be recovered later. Instead, you must reset the password with ResetServiceSpecificCredential.

Type: ServiceSpecificCredential object

Errors

For information about the errors that are common to all actions, see Common Errors.

LimitExceededException

The request was rejected because it attempted to create resources beyond the current AWS account limits. The error message describes the limit exceeded.

HTTP Status Code: 400

NoSuchEntityException

The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource.

HTTP Status Code: 400

ServiceNotSupportedException

The specified service does not support service-specific credentials.

HTTP Status Code: 400

Examples

Example

In the following example, the caller creates service-specific credentials for the IAM user named Anika in account 123456789012. The credentials can be used only with the AWS service associated with the service endpoint at codecommit.amazonaws.com .

Sample Request

https://iam.amazonaws.com/?Action=CreateServiceSpecificCredential
&UserName=Anika
&ServiceName=codecommit.amazonaws.com
&Version=2010-05-08
&AUTHPARAMS

Sample Response

<CreateServiceSpecificCredentialResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
  <CreateServiceSpecificCredentialResult>
    <ServiceSpecificCredential>
      <ServicePassword>xTBAr/czp+D3EXAMPLE47lrJ6/43r2zqGwR3EXAMPLE=</ServicePassword>
      <ServiceName>codecommit.amazonaws.com</ServiceName>
      <UserName>anika</UserName>
      <ServiceUserName>anika+1-at-123456789012</ServiceUserName>
      <ServiceSpecificCredentialId>ACCA12345ABCDEXAMPLE</ServiceSpecificCredentialId>
      <Status>Active</Status>
      <CreateDate>2016-11-01T17:47:22.382Z</CreateDate>
    </ServiceSpecificCredential>
  </CreateServiceSpecificCredentialResult>
  <ResponseMetadata>
    <RequestId>EXAMPLE8-90ab-cdef-fedc-ba987EXAMPLE</RequestId>
  </ResponseMetadata>
</CreateServiceSpecificCredentialResponse>

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: