Creating an EIM Access Key

You can create access keys for a specified user to enable them to perform the actions they are allowed to. The new access key is automatically set to Active.

This action generates both an access key ID and a secret key ID for the user to sign API requests. For more information, see About EIM Users > Users Credentials.

You can use this action for access keys associated with the root user. Therefore, you can use it to manage root credentials even if the OUTSCALE account has no associated EIM users.

Creating an EIM Access Key Using Cockpit v2

In the EIM Users dashboard, click the details icon of the user you want to create an access key for.
The EIM user details panel appears.
Click Create Access Key.
The CREATE EIM ACCESS KEY dialog box appears.
(optional) Set an expiration date.

As a good practice, it is recommended to set an expiration date and renew your access key regularly.
Click Create.
The access key is created.
Click to copy the secret key, or click Download to download a file containing the secret key.

For security reasons, the secret key is only available when creating the access key. Save it carefully as you will not be able to retrieve it later.

Creating an EIM Access Key Using OSC CLI

The CreateAccessKey command creates an access key for either your root account or an EIM user. The new key is automatically set to ACTIVE.

For more information, see About Access Keys.

Request sample: Example with access key/secret key authentication

$ osc-cli api CreateAccessKey --profile "default" \
    --ExpirationDate "2063-04-05"

Request sample: Example with login/password authentication

$ osc-cli api CreateAccessKey --profile "default" --authentication-method "password" --login "$OSC_EMAIL" --password "$OSC_PASSWORD" \
    --ExpirationDate "2063-04-05"

This command contains the following attributes that you need to specify:

DryRun: (optional) If true, checks whether you have the required permissions to perform the action.
ExpirationDate: (optional) The date and time, or the date, at which you want the access key to expire, in ISO 8601 format (for example, 2020-06-14T00:00:00.000Z, or 2020-06-14). To remove an existing expiration date, use the method without specifying this parameter.
UserName: (optional) The name of the EIM user that owns the key to be created. If you do not specify a user name, this action creates an access key for the user who sends the request (which can be the root account).

The CreateAccessKey command returns the following elements:

AccessKey: Information about the access key.
- AccessKeyId: The ID of the access key.
- CreationDate: The date and time (UTC) at which the access key was created.
- ExpirationDate: The date and time (UTC) at which the access key expires.
- LastModificationDate: The date and time (UTC) at which the access key was last modified.
- SecretKey: The secret key that enables you to send requests.
- State: The state of the access key (ACTIVE if the key is valid for API calls, or INACTIVE if not).
ResponseContext: Information about the context of the response.
- RequestId: The ID of the request.

Result sample

{
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  },
  "AccessKey": {
    "State": "ACTIVE",
    "AccessKeyId": "ABCDEFGHIJ0123456789",
    "CreationDate": "2010-10-01T12:34:56.789+0000",
    "ExpirationDate": "2063-04-05T00:00:00.000+0000",
    "SecretKey": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
    "LastModificationDate": "2010-10-01T12:34:56.789+0000"
  }
}

Creating an EIM Access Key Using oapi-cli

The CreateAccessKey command creates an access key for either your root account or an EIM user. The new key is automatically set to ACTIVE.

For more information, see About Access Keys.

Request sample: Example with access key/secret key authentication

$ oapi-cli --profile "default" CreateAccessKey \
    --ExpirationDate "2063-04-05"

Request sample: Example with login/password authentication

$ oapi-cli --profile "default" --login "$OSC_EMAIL" --password "$OSC_PASSWORD" CreateAccessKey \
    --ExpirationDate "2063-04-05"

This command contains the following attributes that you need to specify:

DryRun: (optional) If true, checks whether you have the required permissions to perform the action.
ExpirationDate: (optional) The date and time, or the date, at which you want the access key to expire, in ISO 8601 format (for example, 2020-06-14T00:00:00.000Z, or 2020-06-14). To remove an existing expiration date, use the method without specifying this parameter.
UserName: (optional) The name of the EIM user that owns the key to be created. If you do not specify a user name, this action creates an access key for the user who sends the request (which can be the root account).

The CreateAccessKey command returns the following elements:

AccessKey: Information about the access key.
- AccessKeyId: The ID of the access key.
- CreationDate: The date and time (UTC) at which the access key was created.
- ExpirationDate: The date and time (UTC) at which the access key expires.
- LastModificationDate: The date and time (UTC) at which the access key was last modified.
- SecretKey: The secret key that enables you to send requests.
- State: The state of the access key (ACTIVE if the key is valid for API calls, or INACTIVE if not).
ResponseContext: Information about the context of the response.
- RequestId: The ID of the request.

Result sample

{
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  },
  "AccessKey": {
    "State": "ACTIVE",
    "AccessKeyId": "ABCDEFGHIJ0123456789",
    "CreationDate": "2010-10-01T12:34:56.789+0000",
    "ExpirationDate": "2063-04-05T00:00:00.000+0000",
    "SecretKey": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
    "LastModificationDate": "2010-10-01T12:34:56.789+0000"
  }
}

Creating an EIM Access Key Using AWS CLI

Before you begin: Install and configure AWS CLI. For more information, see Installing and Configuring AWS CLI.

To create a new access key for a user, use the create-access-key command following this syntax:

Request sample

$ aws iam create-access-key \
    --profile YOUR_PROFILE \
    --user-name USER_NAME \
    --endpoint https://eim.eu-west-2.outscale.com

This command contains the following attributes that you need to specify:

(optional) profile: The named profile you want to use, created when configuring AWS CLI. For more information, see Installing and Configuring AWS CLI.
(optional) user-name: The name of the user.

If you do not specify a user name, this action creates an access key for the user who sends the request.
endpoint: The endpoint corresponding to the Region you want to send the request to. For more information, see Installing and Configuring AWS CLI.

The create-access-keys command returns the following elements:

AccessKey: Information about the newly created access key. This element contains the following information:

UserName: The name of the user the access key is associated with.
Status: The state of the access key. For more information, see About EIM Users > Users Credentials or Modifying an EIM Access Key.
CreateDate: The date and time of the access key creation.

SecretAccessKey: The secret access key to sign requests.

For security reasons, the secret access key is only available when creating it. Save it carefully as you will not be able to retrieve it later.

If you lose the secret access key, you can delete it and must create a new one for the user.

AccessKeyId: The ID of the access key.

Result sample

{
    "AccessKey": {
        "UserName": "orn:ows:idauth::123456789012:user/User_Name",
        "Status": "Active",
        "CreateDate": "2016-05-12T14:58:06.364Z",
        "SecretAccessKey": "aBcdeFGhiJKLM/N1OPQRS/tuVWxYzABcDEFGHIJKLM",
        "AccessKeyId": "NOPQR2STUVWX3YZABCDE"
    }
}

The access key is created and associated with the specified user.

Related Pages

Corresponding API Methods

AWS™ and Amazon Web Services™ are trademarks of Amazon Technologies, Inc or its affiliates in the United States and/or other countries.