CreateBucketAccessKey - Amazon Lightsail


Creates a new access key for the specified Amazon Lightsail bucket. Access keys consist of an access key ID and corresponding secret access key.

Access keys grant full programmatic access to the specified bucket and its objects. You can have a maximum of two access keys per bucket. Use the GetBucketAccessKeys action to get a list of current access keys for a specific bucket. For more information about access keys, see Creating access keys for a bucket in Amazon Lightsail in the Amazon Lightsail Developer Guide.


The secretAccessKey value is returned only in response to the CreateBucketAccessKey action. You can get a secret access key only when you first create an access key; you cannot get the secret access key later. If you lose the secret access key, you must create a new access key.

Request Syntax

{ "bucketName": "string" }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.


The name of the bucket that the new access key will belong to, and grant access to.

Type: String

Length Constraints: Minimum length of 3. Maximum length of 54.

Pattern: ^[a-z0-9][a-z0-9-]{1,52}[a-z0-9]$

Required: Yes

Response Syntax

{ "accessKey": { "accessKeyId": "string", "createdAt": number, "lastUsed": { "lastUsedDate": number, "region": "string", "serviceName": "string" }, "secretAccessKey": "string", "status": "string" }, "operations": [ { "createdAt": number, "errorCode": "string", "errorDetails": "string", "id": "string", "isTerminal": boolean, "location": { "availabilityZone": "string", "regionName": "string" }, "operationDetails": "string", "operationType": "string", "resourceName": "string", "resourceType": "string", "status": "string", "statusChangedAt": number } ] }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.


An object that describes the access key that is created.

Type: AccessKey object


An array of objects that describe the result of the action, such as the status of the request, the timestamp of the request, and the resources affected by the request.

Type: Array of Operation objects


For information about the errors that are common to all actions, see Common Errors.


Lightsail throws this exception when the user cannot be authenticated or uses invalid credentials to access a resource.

HTTP Status Code: 400


Lightsail throws this exception when user input does not conform to the validation rules of an input field.


Domain and distribution APIs are only available in the N. Virginia (us-east-1) AWS Region. Please set your AWS Region configuration to us-east-1 to create, view, or edit these resources.

HTTP Status Code: 400


Lightsail throws this exception when it cannot find a resource.

HTTP Status Code: 400


A general service exception.

HTTP Status Code: 500


Lightsail throws this exception when the user has not been authenticated.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: