Managing IAM access keys - AWS SDK for JavaScript

The AWS SDK for JavaScript V3 API Reference Guide describes in detail all the API operations for the AWS SDK for JavaScript version 3 (V3).

Managing IAM access keys

JavaScript code example that applies to Node.js execution

This Node.js code example shows:

  • How to manage the access keys of your users.

The scenario

Users need their own access keys to make programmatic calls to AWS from the SDK for JavaScript. To fill this need, you can create, modify, view, or rotate access keys (access key IDs and secret access keys) for IAM users. By default, when you create an access key, its status is Active, which means the user can use the access key for API calls.

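In this example, a series of Node.js modules are used to manage access keys in IAM. The Node.js modules use the SDK for JavaScript to manage IAM access keys using these methods of the IAM client class:

  • CreateAccessKeyCommand

  • ListAccessKeysCommand

  • GetAccessKeyLastUsedCommand

  • UpdateAccessKeyCommand

  • DeleteAccessKeyCommand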

For more information about IAM access keys, see Access keys in the IAM User Guide.

Prerequisite tasks

To set up and run this example, you must first complete these tasks:

  • Set up the project environment to run these Node TypeScript examples, and install the required AWS SDK for JavaScript and third-party modules. Follow the instructions on GitHub.

  • Create a shared configurations file with your user credentials. For more information about providing a shared credentials file, see Loading credentials in Node.js from the shared credentials file.

Important

These examples demonstrate how to import/export client service objects and commands using ECMAScript6 (ES6).

Creating access keys for a user

Create a libs directory, and create a Node.js module with the file name iamClient.js. Copy and paste the code below into it, which creates the IAM client object. Replace REGION with your AWS Region.

    import { IAMClient } from "@aws-sdk/client-iam";
    // Set the AWS Region.
    const REGION = "REGION"; // For example, "us-east-1".
    // Create an IAM service client object.
    const iamClient = new IAMClient({ region: REGION });
    export { iamClient };

This example code can be found here on GitHub.

Create a Node.js module with the file name iam_createaccesskeys.js. Be sure to configure the SDK as previously shown, including downloading the required clients and packages. Create a JSON object containing the parameters needed to create new access keys, which includes the IAM user's name. Call the CreateAccessKeyCommand method of the IAM client service object.

Note

Replace IAM_USER_NAME with the IAM user name.

    // Import required AWS SDK clients and commands for Node.js.
    import { iamClient } from "./libs/iamClient.js";
    import { CreateAccessKeyCommand } from "@aws-sdk/client-iam";
    // Set the parameters.
    export const params = { UserName: "IAM_USER_NAME" }; // IAM_USER_NAME
    export const run = async () => {
      try {
        const data = await iamClient.send(new CreateAccessKeyCommand(params));
        console.log("Success", data);
        return data;
      } catch (err) {
        console.log("Error", err);
      }
    };
    run();

To run the example, enter the following at the command prompt. Be sure to pipe the returned data to a text file in order not to lose the secret key, which can only be provided once.

node iam_createaccesskeys.js > newuserkeysV3.txt

This example code can be found here on GitHub.

Listing a user's access keys

Create a Node.js module with the file name iam_listaccesskeys.js. Be sure to configure the SDK as previously shown, including downloading the required clients and packages. Create a JSON object containing the parameters needed to retrieve the user's access keys, which includes the IAM user's name and optionally the maximum number of access key pairs listed. Call the ListAccessKeysCommand method of the IAM client service object.

Note

Replace IAM_USER_NAME with the IAM user name.

    // Import required AWS SDK clients and commands for Node.js.
    import { iamClient } from "./libs/iamClient.js";
    import { ListAccessKeysCommand } from "@aws-sdk/client-iam";
    // Set the parameters.
    export const params = {
      MaxItems: 5,
      UserName: "IAM_USER_NAME", // IAM_USER_NAME
    };
    export const run = async () => {
      try {
        const data = await iamClient.send(new ListAccessKeysCommand(params));
        console.log("Success", data);
        return data;
      } catch (err) {
        console.log("Error", err);
      }
    };
    run();

To run the example, enter the following at the command prompt.

node iam_listaccesskeys.js

This example code can be found here on GitHub.

Getting the last use for access keys

Create a Node.js module with the file name iam_accesskeylastused.js. Be sure to configure the SDK as previously shown, including downloading the required clients and packages. Create a JSON object containing the parameter needed to get the last use information, which is the access key ID for which you want that information. Call the GetAccessKeyLastUsedCommand method of the IAM service object.

Note

Replace ACCESS_KEY_ID with the access key ID for which you want the last use information.

    // Import required AWS SDK clients and commands for Node.js.
    import { iamClient } from "./libs/iamClient.js";
    import { GetAccessKeyLastUsedCommand } from "@aws-sdk/client-iam";
    // Set the parameters.
    export const params = { AccessKeyId: "ACCESS_KEY_ID" }; // ACCESS_KEY_ID
    export const run = async () => {
      try {
        const data = await iamClient.send(new GetAccessKeyLastUsedCommand(params));
        console.log("Success", data);
        return data;
      } catch (err) {
        console.log("Error", err);
      }
    };
    run();

To run the example, enter the following at the command prompt.

node iam_accesskeylastused.js

This example code can be found here on GitHub.

Updating access key status

Create a Node.js module with the file name iam_updateaccesskey.js. Be sure to configure the SDK as previously shown, including downloading the required clients and packages. Create a JSON object containing the parameters needed to update the status of an access key, which includes the access key ID and the updated status. The status can be Active or Inactive. Call the UpdateAccessKeyCommand method of the IAM client service object.

Note

Replace ACCESS_KEY_ID with the access key ID, set Status to the updated status, and replace USER_NAME with the name of the user.

    // Import required AWS SDK clients and commands for Node.js.
    import { iamClient } from "./libs/iamClient.js";
    import { UpdateAccessKeyCommand } from "@aws-sdk/client-iam";
    // Set the parameters.
    export const params = {
      AccessKeyId: "ACCESS_KEY_ID", // ACCESS_KEY_ID
      Status: "Active",
      UserName: "USER_NAME", // USER_NAME
    };
    export const run = async () => {
      try {
        const data = await iamClient.send(new UpdateAccessKeyCommand(params));
        console.log("Success", data);
        return data;
      } catch (err) {
        console.log("Error", err);
      }
    };
    run();

To run the example, enter the following at the command prompt.

node iam_updateaccesskey.js

This example code can be found here on GitHub.

Deleting access keys

Create a Node.js module with the file name iam_deleteaccesskey.js. Be sure to configure the SDK as previously shown, including downloading the required clients and packages. Create a JSON object containing the parameters needed to delete access keys, which includes the access key ID and the name of the user. Call the DeleteAccessKeyCommand method of the IAM client service object.

Note

Replace ACCESS_KEY_ID with your access key ID, and USER_NAME with the user name.

    // Import required AWS SDK clients and commands for Node.js.
    import { iamClient } from "./libs/iamClient.js";
    import { DeleteAccessKeyCommand } from "@aws-sdk/client-iam";
    // Set the parameters.
    export const params = {
      AccessKeyId: "ACCESS_KEY_ID", // ACCESS_KEY_ID
      UserName: "USER_NAME", // USER_NAME
    };
    export const run = async () => {
      try {
        const data = await iamClient.send(new DeleteAccessKeyCommand(params));
        console.log("Success", data);
        return data;
      } catch (err) {
        console.log("Error", err);
      }
    };
    run();

To run the example, enter the following at the command prompt.

node iam_deleteaccesskey.js

This example code can be found here on GitHub.
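
The list, last-used, update-status and delete calls from this page combined into one key-hygiene pass, as an added example that is not part of the AWS sample code: it decides per key whether to keep, rotate, deactivate or delete, and deactivates before deleting so the first step is reversible. The 90-day and 30-day thresholds, the function names planRotation and applyPlan, and the sample keys are assumptions made for illustration.

```javascript
// Added example, not AWS sample code. Thresholds are assumed policy values.
const DAY_MS = 24 * 60 * 60 * 1000;

// keys: AccessKeyMetadata items from ListAccessKeysCommand.
// lastUsed: AccessKeyId -> AccessKeyLastUsed.LastUsedDate from
// GetAccessKeyLastUsedCommand (missing when the key has never been used).
function planRotation(keys, lastUsed, now, { maxAgeDays = 90, idleDays = 30 } = {}) {
  return keys.map((key) => {
    const ageDays = Math.floor((now - key.CreateDate) / DAY_MS);
    // A never-used key counts as idle since it was created.
    const idleFor = Math.floor((now - (lastUsed[key.AccessKeyId] ?? key.CreateDate)) / DAY_MS);
    let action = "keep";
    if (key.Status === "Inactive") action = "delete"; // deactivated on an earlier pass
    else if (idleFor >= idleDays) action = "deactivate"; // reversible first step
    else if (ageDays >= maxAgeDays) action = "rotate"; // still in use: replace it
    return { AccessKeyId: key.AccessKeyId, UserName: key.UserName, ageDays, idleFor, action };
  });
}

// Applies the plan with the commands shown on this page. The SDK is imported
// lazily so planRotation can be run without AWS access.
async function applyPlan(plan, region) {
  const { IAMClient, UpdateAccessKeyCommand, DeleteAccessKeyCommand } =
    await import("@aws-sdk/client-iam");
  const client = new IAMClient({ region });
  for (const { AccessKeyId, UserName, action } of plan) {
    if (action === "deactivate") {
      await client.send(new UpdateAccessKeyCommand({ AccessKeyId, UserName, Status: "Inactive" }));
    } else if (action === "delete") {
      await client.send(new DeleteAccessKeyCommand({ AccessKeyId, UserName }));
    } // "rotate" is left to the key's owner: create a new key, switch over, rerun.
  }
}

// Constructed sample data shaped like the API responses (not real keys).
const NOW = new Date("2024-06-01T00:00:00Z");
const SAMPLE_KEYS = [
  { UserName: "alice", AccessKeyId: "AKIAEXAMPLE000000001", Status: "Active", CreateDate: new Date("2024-01-01T00:00:00Z") },
  { UserName: "alice", AccessKeyId: "AKIAEXAMPLE000000002", Status: "Active", CreateDate: new Date("2024-05-20T00:00:00Z") },
  { UserName: "bob", AccessKeyId: "AKIAEXAMPLE000000003", Status: "Active", CreateDate: new Date("2023-11-01T00:00:00Z") },
  { UserName: "bob", AccessKeyId: "AKIAEXAMPLE000000004", Status: "Inactive", CreateDate: new Date("2023-06-01T00:00:00Z") },
];
const SAMPLE_LAST_USED = {
  AKIAEXAMPLE000000001: new Date("2024-05-30T00:00:00Z"),
  AKIAEXAMPLE000000003: new Date("2024-02-01T00:00:00Z"),
};

console.table(planRotation(SAMPLE_KEYS, SAMPLE_LAST_USED, NOW));
```

Review the printed plan before passing it to applyPlan, since a deleted access key cannot be restored.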