Skip to content

/AWS1/CL_IAM=>CREATEACCESSKEY()

About CreateAccessKey

Creates a new Amazon Web Services secret access key and corresponding Amazon Web Services access key ID for the specified user. The default status for new keys is Active.

If you do not specify a user name, IAM determines the user name implicitly based on the Amazon Web Services access key ID signing the request. This operation works for access keys under the Amazon Web Services account. Consequently, you can use this operation to manage Amazon Web Services account root user credentials. This is true even if the Amazon Web Services account has no associated users.

For information about quotas on the number of keys you can create, see IAM and STS quotas in the IAM User Guide.

To ensure the security of your Amazon Web Services account, the secret access key is accessible only during key and user creation. You must save the key (for example, in a text file) if you want to be able to access it again. If a secret key is lost, you can delete the access keys for the associated user and then create new keys.

Method Signature

IMPORTING

Optional arguments:

iv_username TYPE /AWS1/IAMEXISTINGUSERNAMETYPE /AWS1/IAMEXISTINGUSERNAMETYPE

The name of the IAM user that the new key will belong to.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

RETURNING

oo_output TYPE REF TO /aws1/cl_iamcreateaccesskeyrsp /AWS1/CL_IAMCREATEACCESSKEYRSP

Domain /AWS1/RT_ACCOUNT_ID
Primitive Type NUMC

Examples

Syntax Example

This is an example of the syntax for calling the method. It includes every possible argument and initializes every possible value. The data provided is not necessarily semantically accurate (for example the value "string" may be provided for something that is intended to be an instance ID, or in some cases two arguments may be mutually exclusive). The syntax shows the ABAP syntax for creating the various data structures.

DATA(lo_result) = lo_client->/aws1/if_iam~createaccesskey( |string| ).

This is an example of reading all possible response values

lo_result = lo_result.
IF lo_result IS NOT INITIAL.
  lo_accesskey = lo_result->get_accesskey( ).
  IF lo_accesskey IS NOT INITIAL.
    lv_usernametype = lo_accesskey->get_username( ).
    lv_accesskeyidtype = lo_accesskey->get_accesskeyid( ).
    lv_statustype = lo_accesskey->get_status( ).
    lv_accesskeysecrettype = lo_accesskey->get_secretaccesskey( ).
    lv_datetype = lo_accesskey->get_createdate( ).
  ENDIF.
ENDIF.

To create an access key for an IAM user

The following command creates an access key (access key ID and secret access key) for the IAM user named Bob.

DATA(lo_result) = lo_client->/aws1/if_iam~createaccesskey( |Bob| ).