The AWS SDK for JavaScript V3 API Reference Guide describes in detail all the API operations for the AWS SDK for JavaScript version 3 (V3).
Managing IAM access keys
This Node.js code example shows:
How to manage the access keys of your users.
The scenario
Users need their own access keys to make programmatic calls to AWS from the SDK for JavaScript. To fill this need, you can create, modify, view, or rotate access keys (access key IDs and secret access keys) for IAM users. By default, when you create an access key, its status is Active, which means the user can use the access key for API calls.
In this example, a series of Node.js modules are used to manage access keys in IAM. The Node.js modules use the SDK for JavaScript to manage IAM access keys using these methods of the IAM client class:
- CreateAccessKeyCommand
- ListAccessKeysCommand
- GetAccessKeyLastUsedCommand
- UpdateAccessKeyCommand
- DeleteAccessKeyCommand
For more information about IAM access keys, see Access keys in the IAM User Guide.
Prerequisite tasks
To set up and run this example, you must first complete these tasks:
- Set up the project environment to run these Node TypeScript examples, and install the required AWS SDK for JavaScript and third-party modules. Follow the instructions on GitHub.
- Create a shared configurations file with your user credentials. For more information about providing a shared credentials file, see Loading credentials in Node.js from the shared credentials file.
These examples demonstrate how to import/export client service objects and commands using ECMAScript6 (ES6). This requires Node.js version 13.x or higher. To download and install the latest version of Node.js, see Node.js downloads. If you prefer to use CommonJS syntax, see JavaScript ES6/CommonJS syntax.
Creating access keys for a user
Create a libs directory, and create a Node.js module with the file name iamClient.js. Copy and paste the code below into it, which creates the IAM client object. Replace REGION with your AWS Region.

import { IAMClient } from "@aws-sdk/client-iam";
// Set the AWS Region.
const REGION = "REGION"; // For example, "us-east-1".
// Create an IAM service client object.
const iamClient = new IAMClient({ region: REGION });
export { iamClient };

This example code can be found here on GitHub
Create a Node.js module with the file name iam_createaccesskeys.js. Be sure to configure the SDK as previously shown, including downloading the required clients and packages. Create a JSON object containing the parameters needed to create new access keys, which include the IAM user's name. Pass a CreateAccessKeyCommand to the send method of the IAM client service object.
Replace IAM_USER_NAME with the IAM user name.

// Import required AWS SDK clients and commands for Node.js.
import { iamClient } from "./libs/iamClient.js";
import { CreateAccessKeyCommand } from "@aws-sdk/client-iam";

// Set the parameters.
export const params = { UserName: "IAM_USER_NAME" }; // Replace IAM_USER_NAME.

export const run = async () => {
  try {
    // The response contains the secret access key; it is returned only here.
    const data = await iamClient.send(new CreateAccessKeyCommand(params));
    console.log("Success", data);
    return data;
  } catch (err) {
    console.log("Error", err);
  }
};
run();

To run the example, enter the following at the command prompt. Be sure to redirect the returned data to a text file so that you do not lose the secret key, which is provided only once.

node iam_createaccesskeys.js > newuserkeysV3.txt

This example code can be found here on GitHub
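Because the secret access key is returned only once and the module above prints the whole response, the following added example (not part of the original page or the AWS sample repository) stores the key pair as a shared credentials file profile with owner-only permissions and returns a redacted copy for logging. The function names, the sample values and the injected `writeFileSync` parameter (assumed to be `fs.writeFileSync` from `node:fs`) are assumptions of this example.

```javascript
// Return a copy of the response that is safe to log (secret removed).
function redactAccessKey(data) {
  return {
    ...data,
    AccessKey: { ...data.AccessKey, SecretAccessKey: "***REDACTED***" },
  };
}

// Render the key pair as a profile for the shared credentials file.
function toCredentialsProfile(data, profile) {
  const { AccessKeyId, SecretAccessKey } = data.AccessKey ?? {};
  if (!AccessKeyId || !SecretAccessKey) {
    throw new Error("Response does not contain a complete access key");
  }
  return [
    `[${profile}]`,
    `aws_access_key_id = ${AccessKeyId}`,
    `aws_secret_access_key = ${SecretAccessKey}`,
    "",
  ].join("\n");
}

// Store the secret once, then hand back only the redacted copy for logging.
// writeFileSync is injected (assumed to be fs.writeFileSync from node:fs).
function saveNewAccessKey(data, path, profile, writeFileSync) {
  writeFileSync(path, toCredentialsProfile(data, profile), {
    mode: 0o600, // readable and writable by the owner only
    flag: "wx", // fail instead of overwriting an existing file
  });
  return redactAccessKey(data);
}

// Constructed sample in the shape of a CreateAccessKeyCommand response.
const SAMPLE_RESPONSE = {
  AccessKey: {
    UserName: "IAM_USER_NAME",
    AccessKeyId: "AKIAEXAMPLEKEYID0000",
    Status: "Active",
    SecretAccessKey: "EXAMPLE-SECRET-NOT-A-REAL-KEY",
    CreateDate: new Date("2024-01-01T00:00:00Z"),
  },
};
```

In `iam_createaccesskeys.js`, call `saveNewAccessKey(data, path, profile, fs.writeFileSync)` in place of `console.log("Success", data)` and log only the value it returns.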
Listing a user's access keys
Create a Node.js module with the file name iam_listaccesskeys.js. Be sure to configure the SDK as previously shown, including downloading the required clients and packages. Create a JSON object containing the parameters needed to retrieve the user's access keys, which include the IAM user's name and optionally the maximum number of access key pairs listed. Pass a ListAccessKeysCommand to the send method of the IAM client service object.
Replace IAM_USER_NAME with the IAM user name.

// Import required AWS SDK clients and commands for Node.js.
import { iamClient } from "./libs/iamClient.js";
import { ListAccessKeysCommand } from "@aws-sdk/client-iam";

// Set the parameters.
export const params = {
  MaxItems: 5, // Maximum number of access key pairs to list.
  UserName: "IAM_USER_NAME", // Replace IAM_USER_NAME.
};

export const run = async () => {
  try {
    const data = await iamClient.send(new ListAccessKeysCommand(params));
    console.log("Success", data);
    return data;
  } catch (err) {
    console.log("Error", err);
  }
};
run();

To run the example, enter the following at the command prompt.
node iam_listaccesskeys.js
This example code can be found here on GitHub
Getting the last use for access keys
Create a Node.js module with the file name iam_accesskeylastused.js. Be sure to configure the SDK as previously shown, including downloading the required clients and packages. Create a JSON object containing the parameter needed to retrieve the last use information, which is the access key ID. Pass a GetAccessKeyLastUsedCommand to the send method of the IAM client service object.
Replace ACCESS_KEY_ID with the access key ID for which you want the last use information.

// Import required AWS SDK clients and commands for Node.js.
import { iamClient } from "./libs/iamClient.js";
import { GetAccessKeyLastUsedCommand } from "@aws-sdk/client-iam";

// Set the parameters.
export const params = { AccessKeyId: "ACCESS_KEY_ID" }; // Replace ACCESS_KEY_ID.

export const run = async () => {
  try {
    const data = await iamClient.send(new GetAccessKeyLastUsedCommand(params));
    console.log("Success", data);
    return data;
  } catch (err) {
    console.log("Error", err);
  }
};
run();

To run the example, enter the following at the command prompt.
node iam_accesskeylastused.js
This example code can be found here on GitHub
Updating access key status
Create a Node.js module with the file name iam_updateaccesskey.js. Be sure to configure the SDK as previously shown, including downloading the required clients and packages. Create a JSON object containing the parameters needed to update the status of an access key, which include the access key ID and the updated status. The status can be Active or Inactive. Pass an UpdateAccessKeyCommand to the send method of the IAM client service object.
Replace ACCESS_KEY_ID with the access key ID, set Status to the updated status, and replace USER_NAME with the name of the user.

// Import required AWS SDK clients and commands for Node.js.
import { iamClient } from "./libs/iamClient.js";
import { UpdateAccessKeyCommand } from "@aws-sdk/client-iam";

// Set the parameters.
export const params = {
  AccessKeyId: "ACCESS_KEY_ID", // Replace ACCESS_KEY_ID.
  Status: "Active", // "Active" or "Inactive".
  UserName: "USER_NAME", // Replace USER_NAME.
};

export const run = async () => {
  try {
    const data = await iamClient.send(new UpdateAccessKeyCommand(params));
    console.log("Success", data);
    return data;
  } catch (err) {
    console.log("Error", err);
  }
};
run();

To run the example, enter the following at the command prompt.
node iam_updateaccesskey.js
This example code can be found here on GitHub
Deleting access keys
Create a Node.js module with the file name iam_deleteaccesskey.js. Be sure to configure the SDK as previously shown, including downloading the required clients and packages. Create a JSON object containing the parameters needed to delete access keys, which include the access key ID and the name of the user. Pass a DeleteAccessKeyCommand to the send method of the IAM client service object.
Replace ACCESS_KEY_ID with your access key ID, and USER_NAME with the user name.

// Import required AWS SDK clients and commands for Node.js.
import { iamClient } from "./libs/iamClient.js";
import { DeleteAccessKeyCommand } from "@aws-sdk/client-iam";

// Set the parameters.
export const params = {
  AccessKeyId: "ACCESS_KEY_ID", // Replace ACCESS_KEY_ID.
  UserName: "USER_NAME", // Replace USER_NAME.
};

export const run = async () => {
  try {
    const data = await iamClient.send(new DeleteAccessKeyCommand(params));
    console.log("Success", data);
    return data;
  } catch (err) {
    console.log("Error", err);
  }
};
run();

To run the example, enter the following at the command prompt.
node iam_deleteaccesskey.js
This example code can be found here on GitHub
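The list, last-use, update and delete operations above combine into a key hygiene review. The following added example (not part of the original page or the AWS sample repository) takes the AccessKeyMetadata entries from a ListAccessKeysCommand response and the AccessKeyLastUsed objects from GetAccessKeyLastUsedCommand, and returns the parameters to pass to UpdateAccessKeyCommand or DeleteAccessKeyCommand. The thresholds, function name and sample data are assumptions of this example.

```javascript
const DAY_MS = 24 * 60 * 60 * 1000;
// Assumed policy thresholds for this example; these are not AWS defaults.
const POLICY = { maxAgeDays: 90, maxIdleDays: 45, deleteInactiveAfterDays: 30 };

// keys: AccessKeyMetadata[] from a ListAccessKeysCommand response.
// lastUsed: AccessKeyId -> AccessKeyLastUsed from GetAccessKeyLastUsedCommand.
function planKeyActions(keys, lastUsed, now, policy = POLICY) {
  return keys.map(({ UserName, AccessKeyId, Status, CreateDate }) => {
    // LastUsedDate is absent when the key has never been used.
    const lastUsedDate = lastUsed[AccessKeyId]?.LastUsedDate ?? CreateDate;
    const ageDays = Math.floor((now - CreateDate) / DAY_MS);
    const idleDays = Math.floor((now - lastUsedDate) / DAY_MS);
    const base = { AccessKeyId, ageDays, idleDays };
    if (Status === "Inactive") {
      // Idle time stands in for time since deactivation (not in the metadata).
      return idleDays > policy.deleteInactiveAfterDays
        ? { ...base, action: "delete", params: { UserName, AccessKeyId } }
        : { ...base, action: "keep" };
    }
    if (idleDays > policy.maxIdleDays) {
      const params = { UserName, AccessKeyId, Status: "Inactive" };
      return { ...base, action: "deactivate", params };
    }
    if (ageDays > policy.maxAgeDays) {
      // Rotate: create a replacement, move workloads over, then deactivate.
      return { ...base, action: "rotate", params: { UserName } };
    }
    return { ...base, action: "keep" };
  });
}

// Constructed sample data (two users, two keys each).
const NOW = new Date("2024-06-30T00:00:00Z");
const d = (s) => new Date(`${s}T00:00:00Z`);
const SAMPLE_KEYS = [
  { UserName: "alice", AccessKeyId: "KEY_A", Status: "Active", CreateDate: d("2024-01-01") },
  { UserName: "alice", AccessKeyId: "KEY_B", Status: "Active", CreateDate: d("2024-03-01") },
  { UserName: "bob", AccessKeyId: "KEY_C", Status: "Inactive", CreateDate: d("2023-01-01") },
  { UserName: "bob", AccessKeyId: "KEY_D", Status: "Active", CreateDate: d("2024-06-01") },
];
const SAMPLE_LAST_USED = {
  KEY_A: { LastUsedDate: d("2024-06-29"), ServiceName: "s3", Region: "us-east-1" },
  KEY_B: { ServiceName: "N/A", Region: "N/A" }, // never used
  KEY_C: { LastUsedDate: d("2024-01-15"), ServiceName: "ec2", Region: "us-east-1" },
  KEY_D: { LastUsedDate: d("2024-06-20"), ServiceName: "s3", Region: "us-east-1" },
};
const plan = planKeyActions(SAMPLE_KEYS, SAMPLE_LAST_USED, NOW);
```

Deactivating a key with Status set to Inactive before deleting it keeps the change reversible if a workload still depends on that key.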