:doc:`IAM <../../iam>` / Client / create_access_key

*****************
create_access_key
*****************



.. py:method:: IAM.Client.create_access_key(**kwargs)

  

  Creates a new Amazon Web Services secret access key and corresponding Amazon Web Services access key ID for the specified user. The default status for new keys is ``Active``.

   

  If you do not specify a user name, IAM determines the user name implicitly based on the Amazon Web Services access key ID signing the request. This operation works for access keys under the Amazon Web Services account. Consequently, you can use this operation to manage Amazon Web Services account root user credentials. This is true even if the Amazon Web Services account has no associated users.

   

  For information about quotas on the number of keys you can create, see `IAM and STS quotas <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html>`__ in the *IAM User Guide*.

   

  .. warning::

     

    To ensure the security of your Amazon Web Services account, the secret access key is accessible only during key and user creation. You must save the key (for example, in a text file) if you want to be able to access it again. If a secret key is lost, you can delete the access keys for the associated user and then create new keys.

    

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateAccessKey>`_  


  **Request Syntax**
  ::

    response = client.create_access_key(
        UserName='string'
    )
    
  :type UserName: string
  :param UserName: 

    The name of the IAM user that the new key will belong to.

     

    This parameter allows (through its `regex pattern <http://wikipedia.org/wiki/regex>`__) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'AccessKey': {
              'UserName': 'string',
              'AccessKeyId': 'string',
              'Status': 'Active'|'Inactive'|'Expired',
              'SecretAccessKey': 'string',
              'CreateDate': datetime(2015, 1, 1)
          }
      }
      
    **Response Structure**

    

    - *(dict) --* 

      Contains the response to a successful `CreateAccessKey <https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateAccessKey.html>`__ request.

      
      

      - **AccessKey** *(dict) --* 

        A structure with details about the access key.

        
        

        - **UserName** *(string) --* 

          The name of the IAM user that the access key is associated with.

          
        

        - **AccessKeyId** *(string) --* 

          The ID for this access key.

          
        

        - **Status** *(string) --* 

          The status of the access key. ``Active`` means that the key is valid for API calls, while ``Inactive`` means it is not.

          
        

        - **SecretAccessKey** *(string) --* 

          The secret key used to sign requests.

          
        

        - **CreateDate** *(datetime) --* 

          The date when the access key was created.

          
    
  
  **Exceptions**
  
  *   :py:class:`IAM.Client.exceptions.NoSuchEntityException`

  
  *   :py:class:`IAM.Client.exceptions.LimitExceededException`

  
  *   :py:class:`IAM.Client.exceptions.ServiceFailureException`

  

  **Examples**

  The following command creates an access key (access key ID and secret access key) for the IAM user named Bob.
  ::

    response = client.create_access_key(
        UserName='Bob',
    )
    
    print(response)

  
  Expected Output:
  ::

    {
        'AccessKey': {
            'AccessKeyId': 'AKIAIOSFODNN7EXAMPLE',
            'CreateDate': datetime(2015, 3, 9, 18, 39, 23, 0, 68, 0),
            'SecretAccessKey': 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYzEXAMPLEKEY',
            'Status': 'Active',
            'UserName': 'Bob',
        },
        'ResponseMetadata': {
            '...': '...',
        },
    }

  