All Products
Search

This Product

    Simple Log Service:AccessKey pair

    Document Center

    Simple Log Service:AccessKey pair

    Last Updated:Apr 22, 2025

    An Alibaba Cloud AccessKey pair is a secure identity credential that you can use to access Alibaba Cloud resources by calling API operations. You can use an AccessKey pair to sign API requests to pass the security authentication. This topic describes how to create and obtain an AccessKey pair.

    What is an AccessKey pair?

    An AccessKey pair is a permanent access credential that is provided by Alibaba Cloud to a user. An AccessKey pair consists of an AccessKey ID and an AccessKey secret.

    • The AccessKey ID is used to identify a user.

    • The AccessKey secret is used to verify the identity of the user.

    The AccessKey ID and AccessKey secret are generated by RAM based on algorithms. Alibaba Cloud encrypts the AccessKey ID and AccessKey secret during storage and transmission.

    You cannot use the AccessKey pair for console logons. When you use a development tool such as an API, CLI, SDK, or Terraform to access Alibaba Cloud, the initiated requests include the AccessKey ID and the signature that is generated to encrypt the requests by using the AccessKey secret. In this case, the AccessKey pair is used for identity verification and request validity verification.

    Create an AccessKey pair for a RAM user

    Prerequisites

    You can use one of the following accounts to create an AccessKey pair for a RAM user:

    • An Alibaba Cloud account.

    • A RAM administrator.

    • A RAM user that is granted the permissions to manage AccessKey pairs. You can use the Alibaba Cloud account to which the RAM user belongs to grant the permissions. For more information about how to grant a RAM user the permissions to manage AccessKey pairs, see Manage security settings of RAM users.

    Limits

    • The AccessKey secret of a RAM user is displayed only when you create the AccessKey pair for the RAM user. You cannot query the AccessKey secret in subsequent operations. This helps reduce the risks of AccessKey pair leaks. Record the AccessKey secret and keep it confidential.

    • You can create a maximum of two AccessKey pairs for a RAM user.

    Procedure

    1. Log on to the RAM console.

    2. In the left-side navigation pane, choose Identities > Users.

    3. On the Users page, click the username of the RAM user that you want to manage.

    4. In the AccessKey section of the Authentication tab, click Create AccessKey.

      image

    5. Read the suggestion for each scenario and select a credential solution based on your business requirements. If you must create an AccessKey pair, select a scenario, select I confirm that it is necessary to create an AccessKey, and then click Continue. The created AccessKey pair can be used in all scenarios.

      image

    6. In the Create AccessKey dialog box, save the AccessKey ID and AccessKey secret, and click OK.

      image