本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
管理 IAM 存取金鑰
建立存取金鑰
若要建立 IAM 存取金鑰,請使用CreateAccessKeyRequestIamClient’screateAccessKey方法。
注意
您必須將區域設定為 AWS_GLOBAL 才能使IamClient呼叫運作,因為 IAM 是全域服務。
匯入
import software.amazon.awssdk.services.iam.model.CreateAccessKeyRequest; import software.amazon.awssdk.services.iam.model.CreateAccessKeyResponse; import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.iam.IamClient; import software.amazon.awssdk.services.iam.model.IamException;
Code
public static String createIAMAccessKey(IamClient iam,String user) { try { CreateAccessKeyRequest request = CreateAccessKeyRequest.builder() .userName(user).build(); CreateAccessKeyResponse response = iam.createAccessKey(request); String keyId = response.accessKey().accessKeyId(); return keyId; } catch (IamException e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } return ""; }
請參閱(詳見)的完整實例
列出存取金鑰
若要列出指定使用者的存取金鑰,請建立包含要列出金鑰的使用者名稱的ListAccessKeysRequestIamClient’slistAccessKeys法。
注意
如果您沒有提供使用者名稱listAccessKeys,它會嘗試列出與簽署要求之相關聯的 AWS 帳戶 存取金鑰。
匯入
import software.amazon.awssdk.services.iam.model.AccessKeyMetadata; import software.amazon.awssdk.services.iam.model.IamException; import software.amazon.awssdk.services.iam.model.ListAccessKeysRequest; import software.amazon.awssdk.services.iam.model.ListAccessKeysResponse; import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.iam.IamClient;
Code
public static void listKeys( IamClient iam,String userName ){ try { boolean done = false; String newMarker = null; while (!done) { ListAccessKeysResponse response; if(newMarker == null) { ListAccessKeysRequest request = ListAccessKeysRequest.builder() .userName(userName).build(); response = iam.listAccessKeys(request); } else { ListAccessKeysRequest request = ListAccessKeysRequest.builder() .userName(userName) .marker(newMarker).build(); response = iam.listAccessKeys(request); } for (AccessKeyMetadata metadata : response.accessKeyMetadata()) { System.out.format("Retrieved access key %s", metadata.accessKeyId()); } if (!response.isTruncated()) { done = true; } else { newMarker = response.marker(); } } } catch (IamException e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } }
listAccessKeys 的結果會分頁 (每個呼叫預設最多 100 個記錄)。您可以調用返回isTruncated的ListAccessKeysResponsemarker 上呼叫 ListAccessKeysResponse,並將它用於建立新的請求。在下次呼叫 listAccessKeys 時使用該新的請求。
請參閱(詳見)的完整實例
擷取上次使用存取金鑰的時間
要獲取上次使用訪問密鑰的時間,請使用訪問密鑰的 ID(可以使用GetAccessKeyLastUsedRequestIamClient’sgetAccessKeyLastUsed方法。
然後,您可以使用返回的GetAccessKeyLastUsedResponse
匯入
import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.iam.IamClient; import software.amazon.awssdk.services.iam.model.GetAccessKeyLastUsedRequest; import software.amazon.awssdk.services.iam.model.GetAccessKeyLastUsedResponse; import software.amazon.awssdk.services.iam.model.IamException;
Code
public static void getAccessKeyLastUsed(IamClient iam, String accessId ){ try { GetAccessKeyLastUsedRequest request = GetAccessKeyLastUsedRequest.builder() .accessKeyId(accessId).build(); GetAccessKeyLastUsedResponse response = iam.getAccessKeyLastUsed(request); System.out.println("Access key was last used at: " + response.accessKeyLastUsed().lastUsedDate()); } catch (IamException e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } System.out.println("Done"); }
請參閱(詳見)的完整實例
啟用或停用存取金鑰
您可以透過建立UpdateAccessKeyRequestIamClient’supdateAccessKey方法 status
匯入
import software.amazon.awssdk.services.iam.model.IamException; import software.amazon.awssdk.services.iam.model.StatusType; import software.amazon.awssdk.services.iam.model.UpdateAccessKeyRequest; import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.iam.IamClient;
Code
public static void updateKey(IamClient iam, String username, String accessId, String status ) { try { if (status.toLowerCase().equalsIgnoreCase("active")) { statusType = StatusType.ACTIVE; } else if (status.toLowerCase().equalsIgnoreCase("inactive")) { statusType = StatusType.INACTIVE; } else { statusType = StatusType.UNKNOWN_TO_SDK_VERSION; } UpdateAccessKeyRequest request = UpdateAccessKeyRequest.builder() .accessKeyId(accessId) .userName(username) .status(statusType) .build(); iam.updateAccessKey(request); System.out.printf( "Successfully updated the status of access key %s to" + "status %s for user %s", accessId, status, username); } catch (IamException e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } }
請參閱(詳見)的完整實例
刪除存取金鑰
若要永久刪除存取金鑰,請呼叫IamClient’sdeleteKey方法,並提供DeleteAccessKeyRequest
注意
金鑰一旦刪除,就不能再擷取或使用。若要暫時停用金鑰,以便稍後再次啟用金鑰,請改用 updateAccessKeymethod。
匯入
import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.iam.IamClient; import software.amazon.awssdk.services.iam.model.DeleteAccessKeyRequest; import software.amazon.awssdk.services.iam.model.IamException;
Code
public static void deleteKey(IamClient iam ,String username, String accessKey ) { try { DeleteAccessKeyRequest request = DeleteAccessKeyRequest.builder() .accessKeyId(accessKey) .userName(username) .build(); iam.deleteAccessKey(request); System.out.println("Successfully deleted access key " + accessKey + " from user " + username); } catch (IamException e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } }
請參閱(詳見)的完整實例
其他資訊
-
CreateAccessKey在 IAM API 參考資料中
-
ListAccessKeys在 IAM API 參考資料中
-
GetAccessKeyLastUsed在 IAM API 參考資料中
-
UpdateAccessKey在 IAM API 參考資料中
-
DeleteAccessKey在 IAM API 參考資料中
