How do I obtain an access key AK/SK?
l If you have a login password, you can access the console. On the Console page, move the pointer to your username in the upper-right corner, select My credentials from the dropdown menu, and click the AccessKey tab. You can then view your Access Key ID (AK) in the access key list and find your Secret Access Key (SK) in the downloaded .csv file.
l If you do not have a login password and cannot access the console—such as when your access keys are lost or need to be reset—you may contact your account administrator to generate new access keys for you on the IAM and have them securely delivered to you.
What should I do if my access key AK/SK is lost?
If your Access Key (AK/SK) is lost, we recommend that you first create a new AK/SK, then replace the lost key in all applications and services with the new one.
After confirming that there is no business impact, you can safely disable or delete the lost AK/SK.
Description:
Each user can create a maximum of two access keys, and the quota cannot be increased.
If you are unable to manage your access keys, please contact your organization's account administrator for assistance.
What are temporary security credentials (temporary AK/SK and Security Token)?
Temporary security credentials are identity credentials with temporary access permissions, including a temporary AK/SK and Security Token. These credentials function almost identically to permanent security credentials, with only minor differences.
Differences Between Temporary and Permanent Security Credentials
l Temporary security credentials have a validity period, which can be set between 15 minutes and 24 hours; permanent security credentials have a permanent validity period and cannot be configured.
l There is no limit on the number of temporary security credentials; each IAM user can create up to 2 permanent security credentials.
l Temporary security credentials are obtained via API to retrieve temporary AK/SK; permanent security credentials are obtained through the My credentials console interface.
l Temporary security credentials are dynamically generated for immediate use and cannot be embedded in applications or stored. Once expired, they cannot be reused and must be reacquired.
Advantages of Temporary Security Credentials
When granting authorization to external federated users, the advantages of temporary security credentials become particularly evident. Instead of providing external federated users with permanent security credentials that require regular rotation and active revocation, you can grant them temporary security credentials that are ready for immediate use and expire after a set period. This enhances account security and adheres to the security best practice of least privilege.
Usage of Temporary Security Credentials
Temporary security credentials include temporary AK/SK and a Security Token. The temporary AK/SK and Security Token must be used together. The usage of temporary security credentials is almost identical to that of permanent security credentials. However, when authenticating with temporary security credentials, the request header must include the x-security-token field.