Create Lightsail bucket access keys - Amazon Lightsail

Create Lightsail bucket access keys

Use access keys to create a set of credentials that grant full access to a bucket and its objects. You can configure access keys on your software or plugin so that it can have full read and write access to a bucket using the AWS APIs, and AWS SDKs. You can also configure access keys on the AWS CLI.

Access keys consist of an access key ID and a secret access key as a set. The secret access key is visible only when you create it. If your secret access key is copied, is lost, or becomes compromised, you should delete your access key and create a new one. You can have a maximum of two access keys per bucket. Even though you can have two, having one access key for your bucket is useful when you need to rotate the key. To rotate an access key, create a new one, configure it on your software and test it, and then delete the earlier key. After you delete an access key, it's gone forever and can't be restored. It can only be replaced with a new access key.

For more information about permission options, see Bucket permissions. For more information about security best practices, see Security Best Practices for object storage. For more information about buckets, see Object storage.

Create access keys for a bucket

Complete the following procedure to create access keys for a bucket.

  1. Sign in to the Lightsail console.

  2. On the Lightsail home page, choose the Storage tab.

  3. Choose the name of the bucket for which you want to configure access permissions.

  4. Choose the Permissions tab.

    The Access keys section of the page displays the existing access keys for the bucket, if any.

  5. Choose Create access key to create a new access key for the bucket.


    You can also choose to delete an existing access key by choosing the trash bin icon for the key you want to delete.

  6. In the prompt that appears, choose Yes, create to confirm that you want to create a new access key. Otherwise, choose No, cancel.

  7. In the success prompt that appears, make a note of the access key ID.

  8. Choose Show secret access key to view the secret access key, and make a note of it. The secret access key will not be shown again.


    Store your access key ID and secret access key in a secure location. If it becomes compromised, you should delete it and create a new one.

  9. Choose Continue to finish.

    The new access key is listed in the Access keys section of the page. If your access key becomes compromised, or lost, delete it and create a new one.


    The Last used column displayed next to each access key identifies when the key was last used. A dash is displayed when the key has not been used. Expand the access key node to view the service and AWS Region where the key was last used.