Note: You are viewing the documentation for an older major version of the AWS CLI (version 1).

AWS CLI version 2, the latest major version of AWS CLI, is now stable and recommended for general use. To view this page for the AWS CLI version 2, click here. For more information see the AWS CLI version 2 installation instructions and migration guide.

[ aws . lightsail ]



Creates a new access key for the specified Amazon Lightsail bucket. Access keys consist of an access key ID and corresponding secret access key.

Access keys grant full programmatic access to the specified bucket and its objects. You can have a maximum of two access keys per bucket. Use the GetBucketAccessKeys action to get a list of current access keys for a specific bucket. For more information about access keys, see Creating access keys for a bucket in Amazon Lightsail in the Amazon Lightsail Developer Guide .


The secretAccessKey value is returned only in response to the CreateBucketAccessKey action. You can get a secret access key only when you first create an access key; you cannot get the secret access key later. If you lose the secret access key, you must create a new access key.

See also: AWS API Documentation

See 'aws help' for descriptions of global parameters.


--bucket-name <value>
[--cli-input-json <value>]
[--generate-cli-skeleton <value>]


--bucket-name (string)

The name of the bucket that the new access key will belong to, and grant access to.

--cli-input-json (string) Performs service operation based on the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

See 'aws help' for descriptions of global parameters.


accessKey -> (structure)

An object that describes the access key that is created.

accessKeyId -> (string)

The ID of the access key.

secretAccessKey -> (string)

The secret access key used to sign requests.

You should store the secret access key in a safe location. We recommend that you delete the access key if the secret access key is compromised.

status -> (string)

The status of the access key.

A status of Active means that the key is valid, while Inactive means it is not.

createdAt -> (timestamp)

The timestamp when the access key was created.

lastUsed -> (structure)

An object that describes the last time the access key was used.


This object does not include data in the response of a CreateBucketAccessKey action. If the access key has not been used, the region and serviceName values are N/A , and the lastUsedDate value is null.

lastUsedDate -> (timestamp)

The date and time when the access key was most recently used.

This value is null if the access key has not been used.

region -> (string)

The AWS Region where this access key was most recently used.

This value is N/A if the access key has not been used.

serviceName -> (string)

The name of the AWS service with which this access key was most recently used.

This value is N/A if the access key has not been used.

operations -> (list)

An array of objects that describe the result of the action, such as the status of the request, the timestamp of the request, and the resources affected by the request.


Describes the API operation.

id -> (string)

The ID of the operation.

resourceName -> (string)

The resource name.

resourceType -> (string)

The resource type.

createdAt -> (timestamp)

The timestamp when the operation was initialized (e.g., 1479816991.349 ).

location -> (structure)

The Amazon Web Services Region and Availability Zone.

availabilityZone -> (string)

The Availability Zone. Follows the format us-east-2a (case-sensitive).

regionName -> (string)

The AWS Region name.

isTerminal -> (boolean)

A Boolean value indicating whether the operation is terminal.

operationDetails -> (string)

Details about the operation (e.g., Debian-1GB-Ohio-1 ).

operationType -> (string)

The type of operation.

status -> (string)

The status of the operation.

statusChangedAt -> (timestamp)

The timestamp when the status was changed (e.g., 1479816991.349 ).

errorCode -> (string)

The error code.

errorDetails -> (string)

The error details.