This topic describes how to create an AccessKey pair for a RAM user or an Alibaba Cloud account.

Important If the AccessKey pair of an Alibaba Cloud account is leaked, the resources that belong to the account are exposed to potential risks. To ensure account security, we recommend that you create an AccessKey pair for a RAM user instead of an Alibaba Cloud account.

What is an AccessKey pair?

When you call API operations, you must use an AccessKey pair to complete identity verification. An AccessKey pair consists of an AccessKey ID and an AccessKey secret.

  • The AccessKey ID is used to identify a user.
  • The AccessKey secret is used to verify the identity of the user. You must keep your AccessKey secret strictly confidential.

Create an AccessKey pair for a RAM user

You can use one of the following accounts to create an AccessKey pair for a RAM user:

  • You can use the Alibaba Cloud account to which the RAM user belongs.
  • You can use a RAM user that is assigned the administrative rights The RAM user that is assigned the administrative rights and the RAM user for which you want to create an AccessKey pair must belong to the same Alibaba Cloud account.
  • You can use a RAM user that is granted the permissions to manage AccessKey pairs. You can use the Alibaba Cloud account to which the RAM user belongs to grant the permissions. For more information, see Configure security policies for RAM users.
  1. Log on to the RAM console.
  2. In the left-side navigation pane, choose Identities > Users.
  3. On the Users page, click the username of a specific RAM user.
  4. In the User AccessKeys section, click Create AccessKey.
  5. In the View Secret dialog box, view the AccessKey ID and AccessKey secret.

    You can click Download CSV File to download the AccessKey pair or click Copy to copy the AccessKey pair.

    Note
    • An AccessKey secret for a RAM user is displayed only after you click Create AccessKey. You cannot query the AccessKey secret in subsequent operations. Therefore, you must back up your AccessKey secret.
    • If an AccessKey pair is leaked or lost, you must create another AccessKey pair. You can create a maximum of two AccessKey pairs for each RAM user.
  6. Click OK.

Create an AccessKey pair for an Alibaba Cloud account

  1. Log on to the Alibaba Cloud Management Console by using your Alibaba Cloud account.
  2. Move the pointer over the profile picture in the upper-right corner of the page that appears and click AccessKey Management.
  3. In the Note message, read the security tips and click Use Current AccessKey Pair.
  4. On the AccessKey Pair page, click Create AccessKey.
  5. In the View Secret dialog box, view the AccessKey ID and AccessKey secret.

    You can click Download CSV File to download the AccessKey pair or click Copy to copy the AccessKey pair.

    Note
    • You can view the AccessKey secret of an Alibaba Cloud account. To view the AccessKey secret of an Alibaba Cloud account, click View Secret.
    • You can create up to five AccessKey pairs for each Alibaba Cloud account.
  6. Click OK.

What to do next

If you have used an AccessKey pair for more than three months, we recommend that you rotate the AccessKey pair in a timely manner. If an AccessKey pair has not been used for a long period of time, we recommend that you disable and delete the AccessKey pair at the earliest opportunity. This reduces the risk of AccessKey pair leaks.