How to enable and disable programmatic access to an IAM user

Access keys are required to programmatically access AWS resources. Access keys are a combination of access key ID and secret access key. You can setup access keys using below command where username is the name of the user.

aws iam create-access-key --user-name username

You should copy and store the access key id and secret key in a safe place as soon as they are generated. Once lost, secret access key cannot be retrieved. However, a new pair of access keys can be generated.

You can list the access keys of a user account by running the below command:

aws iam list-access-keys --user-name username

To disable a user from programmatically accessing AWS resources, you can delete their access keys. Below is the command to delete access keys of a user.

aws iam delete-access-key --access-key-id YOURAWSACCESSKEYID --user-name username

You can also temporarily disable access keys by marking them as ‘Inactive’. Below is the command to mark access keys as ‘Inactive’:

aws iam update-access-key --access-key-id YOURAWSACCESSKEYID --status Inactive --user-name username

Command to Re-Activate access keys:

aws iam update-access-key --access-key-id YOURAWSACCESSKEYID --status Active --user-name username

See also  How to check if an EBS volume is encrypted