2

I came across Get Username from Amazon Access Key in Java when searching for a solution for a problem I have.

But the only difference is I want to achieve the exact opposite: Is it possible to get the access key & secret key to perform Java SDK operations by using the username created in IAM?

I want to build an application when the user logs in with his IAM credentials he can start and stop instances in the application. But to do that I need the access & secret key of that user.

I hope someone can help me or knows a workaround for my problem.

Thank you!

Richaar
  • Hmm, I'm a little confused, now. If they're already logging in with their credentials, why not just carry over the credentials used at login? Or are you trying to hide their AWS credentials behind an easier-to-remember username and password? Could you specify a little more how the current login process works? Note: Edit your original post to add any additional info too large for a comment. – DGolberg Feb 19 '15 at 18:52
  • I indeed want to hide their AWS credentials behind an easier-to-remember username and password. The application is really straightforward. A user can log in and when they are logged in I want to show them all their available instances (policies already applied) and they can then start or stop their instances. – Richaar Feb 19 '15 at 22:31

2 Answers

1

Assuming your application has respectively sufficient AWS security credentials of its own (e.g. by running on an EC2 instance with an IAM Role for Amazon EC2), you can achieve this by means of the ListAccessKeys API action:

> Returns information about the access key IDs associated with the specified user. If there are none, the action returns an empty list.

This API action is exposed in the AWS SDK for Java as listAccessKeys().

Steffen Opel
  • Ya beat me to it! +1 for better (and shorter) description/links than I would've put, lol. – DGolberg Feb 19 '15 at 23:20
  • Thank you for your answer but I can't manage to get the access & security key? Maybe I'm doing something wrong? `ListAccessKeysRequest accessRequest = new ListAccessKeysRequest().withUserName("user"); System.out.println(accessRequest);` – Richaar Feb 21 '15 at 15:31
  • I don't want to sound rude, but did you have the time to look at my comment? – Richaar Feb 23 '15 at 08:33
  • @Richaar - 'I can't manage to get the access & security key': please be more specific, what isn't working exactly? Do you get an error message, and if so, which one? Or do you get an empty result set? You can test this more easily with the excellent [AWS CLI](https://aws.amazon.com/cli/), just execute `aws iam list-access-keys` to get your own, and `aws iam list-access-keys --user-name username` for somebody else; this should yield a result set or an error message pointing out a permission problem for example. – Steffen Opel Feb 23 '15 at 12:26
0

Quite an old question but I don't believe a correct answer was provided. To directly answer your question, it's not possible to retrieve the secret key after it's been created. The documentation for ListAccessKeys notes: "To ensure the security of your AWS account, the secret access key is accessible only during key and user creation."

You'll need to solve your problem via another means. Some suggestions would be to use federated login or have the application manage its own set of roles that determines whether the user is authorized to start/stop instances.

n00b
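
The two answers above, put together as an added example (not code from either answerer): `listAccessKeys()` has to be called on an IAM client and returns key metadata only, so the application starts and stops instances with its own credentials after checking its own authorization table. It assumes the AWS SDK for Java 1.x, an application that already holds credentials and a region (for example an EC2 instance role), and a login handled by the application itself; the class name `InstanceControl`, the user `alice` and the instance ID are constructed for illustration.

```java
import com.amazonaws.services.ec2.AmazonEC2;
import com.amazonaws.services.ec2.AmazonEC2ClientBuilder;
import com.amazonaws.services.ec2.model.StartInstancesRequest;
import com.amazonaws.services.ec2.model.StopInstancesRequest;
import com.amazonaws.services.identitymanagement.AmazonIdentityManagement;
import com.amazonaws.services.identitymanagement.AmazonIdentityManagementClientBuilder;
import com.amazonaws.services.identitymanagement.model.AccessKeyMetadata;
import com.amazonaws.services.identitymanagement.model.ListAccessKeysRequest;
import java.util.Map;
import java.util.Set;

public class InstanceControl {
    // Constructed sample data: application user -> instance IDs that user may control.
    private static final Map<String, Set<String>> ALLOWED =
            Map.of("alice", Set.of("i-0123456789abcdef0"));

    // Default clients use the application's own credentials and region
    // (for example an IAM role attached to the EC2 instance it runs on).
    private final AmazonEC2 ec2 = AmazonEC2ClientBuilder.defaultClient();
    private final AmazonIdentityManagement iam =
            AmazonIdentityManagementClientBuilder.defaultClient();

    // The request must be passed to the client; the result carries metadata only.
    void printKeyMetadata(String iamUser) {
        ListAccessKeysRequest req = new ListAccessKeysRequest().withUserName(iamUser);
        for (AccessKeyMetadata k : iam.listAccessKeys(req).getAccessKeyMetadata()) {
            // AccessKeyMetadata has no secret-key field: ID, status and creation date only.
            System.out.printf("%s %s %s %s%n", k.getUserName(), k.getAccessKeyId(),
                    k.getStatus(), k.getCreateDate());
        }
    }

    // appUser is assumed to be already authenticated by the application's own login.
    void setRunning(String appUser, String instanceId, boolean run) {
        if (!ALLOWED.getOrDefault(appUser, Set.of()).contains(instanceId)) {
            throw new SecurityException(appUser + " may not control " + instanceId);
        }
        if (run) {
            ec2.startInstances(new StartInstancesRequest().withInstanceIds(instanceId));
        } else {
            ec2.stopInstances(new StopInstancesRequest().withInstanceIds(instanceId));
        }
    }

    public static void main(String[] args) {
        InstanceControl app = new InstanceControl();
        app.printKeyMetadata("user");
        app.setRunning("alice", "i-0123456789abcdef0", false);
    }
}
```

The role the application runs under needs `iam:ListAccessKeys`, `ec2:StartInstances` and `ec2:StopInstances`; no end-user secret key is stored or retrieved anywhere.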