Creating AWS Access Keys

What we’re going to do today is create an Access Key ID, and a Secret Key ID for your AWS account.

This is also used for access to AWS Resources using the AWS CLI Tool.

To do this, you’ll need to have the CreateOwnAccessKeys Policy associated with your AWS Account.

If you’re currently in the root account, or have the AdministratorAccess AWS Managed policy attached to your account, this won’t be a problem.

You really shouldn’t be logged into the Root Account to perform routine Administrative Tasks.

One of the best ways to protect your account is to not have an access key for your AWS account root user. Unless you must have a root user access key (which is very rare), it is best not to generate one. Instead, the recommended best practice is to create one or more AWS Identity and Access Management (IAM) users, give them the necessary permissions, and use IAM users for everyday interaction with AWS.

Best Practices for Managing AWS Access Keys

If you only have a root account, you should create a new user asccount for yourself, associate it with the AdministratorAccess AWS Managed Policy, and switch to your new user account before moving forward.


Unlike ssh keys, there’s a hard limit of 2 access keys assigned to an IAM user.

If you run out of Access Key Slots, just go ahead and delete the Key Pair that you are not currently using.

The Option for 2 Access Key Pairs exists mostly to allow you to gracefully swap out your Access Key Pairs.

If you decide that you want to use a different Access Key Pair for each of your Portable Devices, like if you have multiple laptops, you’ll probably want to setup a seperate account for each device.

This is similar to setting up an application specific account, which is essentially what we did here.

Leave a Reply

Your email address will not be published. Required fields are marked *