Access keys are required to programmatically access AWS resources. Access keys are a combination of access key ID and secret access key. You can setup access keys using below command where username is the name of the user.
aws iam create-access-key --user-name username
You should copy and store the access key id and secret key in a safe place as soon as they are generated. Once lost, secret access key cannot be retrieved. However, a new pair of access keys can be generated.
You can list the access keys of a user account by running the below command:
aws iam list-access-keys --user-name username
To disable a user from programmatically accessing AWS resources, you can delete their access keys. Below is the command to delete access keys of a user.
aws iam delete-access-key --access-key-id YOURAWSACCESSKEYID --user-name username
You can also temporarily disable access keys by marking them as ‘Inactive’. Below is the command to mark access keys as ‘Inactive’:
aws iam update-access-key --access-key-id YOURAWSACCESSKEYID --status Inactive --user-name username
Command to Re-Activate access keys:
aws iam update-access-key --access-key-id YOURAWSACCESSKEYID --status Active --user-name username