Help Center/ Identity and Access Management/ User Guide/ IAM Users/ Managing Access Keys for an IAM User
Updated on 2024-10-31 GMT+08:00

Managing Access Keys for an IAM User

An access key consists of an access key ID (AK) and secret access key (SK) pair. You can use an access key to access Huawei Cloud using development tools, including APIs, CLI, and SDKs. Access keys cannot be used to log in to the console. AK is a unique identifier used in conjunction with SK to sign requests cryptographically, ensuring that the requests are secret, complete, and correct.

As an administrator, you can manage access keys for IAM users who have forgotten their access keys and do not have access to the console.

Choose More > Security Settings in the row containing the IAM user, and then create or delete access keys in the Access Keys area.

Figure 1 Managing access keys for an IAM user
  • Federated users can only create temporary access credentials (temporary AKs/SKs and security tokens). For details, see Temporary Access Key (for Federated Users).
  • If a user is authorized to use the console, the user can manage access keys on the My Credentials page.
  • Access keys are identity credentials used to call APIs. The account administrator and IAM users can only use their own access keys to call APIs.
  • Creating an access key
    1. Click Create Access Key.
      Figure 2 Creating an access key

      Each user has a maximum of two access keys, and the access keys are permanently valid. For security purposes, change the access keys of IAM users periodically.

    2. (Optional) If operation protection is enabled, you need to enter a verification code or password.
    3. Click OK. An access key is automatically generated. Download the access key and provide it to the user.
  • Deleting an access key
    1. In the access key list, click Delete in the row containing the access key to be deleted.
      Figure 3 Deleting an access key
    2. (Optional) If operation protection is enabled, you need to enter a verification code or password.
    3. Click Yes.
  • Enabling/Disabling an access key

    New access keys are enabled by default. To disable an access key, perform the following steps:

    1. In the access key list, click Disable in the row containing the access key you want to disable.
      Figure 4 Disabling an access key
    2. (Optional) If operation protection is enabled, you need to enter a verification code or password, and click Yes.

    The method of enabling an access key is similar to that of disabling an access key.