This topic describes how to delete an AccessKey pair of a Resource Access Management (RAM) user. If a RAM user no longer needs to access Alibaba Cloud resources by calling API operations or using other development tools, you can delete an AccessKey pair of the RAM user. RAM supports the recycle bin feature. When you delete the AccessKey pairs of a RAM user, the AccessKey pairs are moved to the recycle bin. Then, the AccessKey pairs are automatically deleted from the recycle bin on a regular basis. You can also manually delete AccessKey pairs from the recycle bin. If you accidentally delete an AccessKey pair, you can manually restore the AccessKey pair. This helps minimize the adverse impacts that are caused by accidental deletion of AccessKey pairs.

Prerequisites

Before you can delete the AccessKey pair of a RAM user, you must disable the AccessKey pair. For more information about how to disable an AccessKey pair, see Disable an AccessKey pair of a RAM user.

Quota

The recycle bin can contain up to three AccessKey pairs of a single RAM user. If the number of AccessKey pairs of a single RAM user in the recycle bin exceeds the limit, the system automatically deletes the earliest AccessKey pairs that are moved to the recycle bin.

Move an AccessKey pair to the recycle bin

After you disable an AccessKey pair, you can move the AccessKey pair to the recycle bin. You can no longer use a disabled AccessKey pair or an AccessKey pair that is in the recycle bin.

  1. Log on to the RAM console by using your Alibaba Cloud account or a RAM user that has administrative rights.
  2. In the left-side navigation pane, choose Identities > Users.
  3. On the Users page, click the username of a specific RAM user.
  4. In the User AccessKeys section of the page that appears, find the AccessKey pair that you want to delete and click Delete in the Actions column.
  5. In the Delete dialog box, enter the AccessKey ID of the AccessKey that you want to delete and click Delete.

Permanently delete an AccessKey pair

Deletion methods

  • Automatic deletion: The retention period of AccessKey pairs in the recycle bin is 30 days. If the retention period ends, the system automatically deletes the AccessKey pairs.
  • Manual deletion: You can manually delete AccessKey pairs from the recycle bin. The following procedure describes how to manually delete an AccessKey pair from the recycle bin.

Impact

If you delete an AccessKey pair from the recycle bin, the AccessKey pair is permanently deleted. You cannot restore information about the AccessKey pair.

Procedure

  1. In the User AccessKeys section of the page that appears, find the AccessKey pair that you want to delete and click Delete in the Actions column.
  2. In the Delete AccessKey dialog box, enter the AccessKey ID and click Delete.

Restore an AccessKey pair from the recycle bin

If you accidentally delete an AccessKey pair or if you no longer want to delete the AccessKey pair, you can restore the AccessKey pair from the recycle bin. After you restore an AccessKey pair, the AccessKey pair is enabled. Then, you can use the AccessKey pair to perform operations.

Important
  • If the RAM user whose AccessKey pair you want to restore is also in the recycle bin, you must restore the RAM user before you can restore the AccessKey pair.
  • The system restores all information about an AccessKey pair. However, the AccessKey secret is displayed only when the AccessKey pair was created. You cannot query the AccessKey secret.
  1. In the User AccessKeys section of the page that appears, find the AccessKey pair that you want to restore and click Restore in the Actions column.
  2. In the Restore AccessKey message, click Restore.