Managing Access Keys for an IAM User

An access key consists of an access key ID (AK) and secret access key (SK) pair. You can use an access key to access Huawei Cloud using development tools, including APIs, CLI, and SDKs. Access keys cannot be used to log in to the console. AK is a unique identifier used in conjunction with SK to sign requests cryptographically, ensuring that the requests are secret, complete, and correct.

As an administrator, you can manage access keys for IAM users who have forgotten their access keys and do not have access to the console.

Constraints

Federated users can only create temporary access credentials (temporary AKs/SKs and security tokens). For details, see Temporary Access Key (for Federated Users).
If a user is authorized to use the console, the user can manage access keys on the My Credentials page.
Access keys are identity credentials used to call APIs. The account administrator and IAM users can only use their own access keys to call APIs.
If an access key is used more than once in a 15-minute span, the Last Used column in the Access Keys area only displays the first use time.
Each IAM user has a maximum of two access keys, which are permanently valid. For security purposes, change the access keys of IAM users periodically.
If you did not download an access key when creating it, you cannot obtain its SK after closing the dialog box. In this case, you can delete the current access key and create a new one.
Once deleted, an IAM user's access key cannot be recovered. Ensure that the deletion will not affect services.

Creating Access Keys for an IAM User

Log in to the IAM console as the administrator.
In the user list, click a username or click Security Settings in the Operation column to access the user details page.

Figure 1 Managing access keys for an IAM user
Click the Security Settings tab. Click Create Access Key in the Access Keys area.

If operation protection is enabled, you (the administrator) need to enter a verification code or password for identity authentication when creating an access key.
Figure 2 Creating an access key
Click OK. An access key is automatically generated. Download the access key and provide it to the IAM user.

If you did not download an access key when creating it, you cannot obtain its SK after closing the dialog box. In this case, you can delete the current access key and create a new one.

Deleting Access Keys for an IAM User

Log in to the IAM console as the administrator.
In the user list, click a username or click Security Settings in the Operation column to access the user details page.
Click the Security Settings tab. In the Access Keys area, locate the target access key and click Disable in the Operation column.
In the displayed dialog box, click OK.
Click Delete in the Operation column of the disabled access key. Ensure that the deletion will not affect your services.

If operation protection is enabled, you (the administrator) need to enter a verification code or password for identity authentication when deleting an access key.
Figure 3 Deleting an access key
Click OK.

Enabling or Disabling an Access Key

Log in to the IAM console as the administrator.
In the user list, click a username or click Security Settings in the Operation column to access the user details page.
Click the Security Settings tab. In the Access Keys area, locate the access key to be disabled and click Disable in the Operation column.

If operation protection is enabled, you (the administrator) need to enter a verification code or password for identity authentication when disabling an access key.
Figure 4 Disabling an access key
In the displayed dialog box, click OK to disable the access key.

The method of enabling an access key is similar to that of disabling an access key.