Your AWS Identifiers
When you create an AWS account, AWS assigns you a pair of related identifiers:
-
Access Key ID (a 20-character, alphanumeric sequence)
For example: 022QF06E7MXBSH9DHM02
-
Secret Access Key (a 40-character sequence)
For example: kWcrlUX5JEDGM/LtmEENI/aVmYvHNif5zB+d9+ct
These are your AWS access key identifiers.
Caution | |
---|---|
Your Secret Access Key is a secret and only you and AWS should know it. It is important to keep it confidential to protect your account. Never include it in your requests to AWS, and never e-mail it to anyone. Do not share it outside your organization, even if an inquiry appears to come from AWS or Amazon.com. No one who legitimately represents Amazon will ever ask you for your Secret Access Key. |
Important | |
---|---|
If you developed your application prior to 2006, you may be using a subscription ID instead of an AWS Access Key ID. You can only use your AWS Access Key ID in authenticated requests. Please change your application to use the AWS Access Key ID. For information about viewing your AWS Access Key ID, see Viewing Your AWS Identifiers. |
The Access Key ID is associated with your AWS account. You include it in AWS service requests to identify yourself as the sender of the request.
The Access Key ID is not a secret, and anyone could use your Access Key ID in requests to AWS. To provide proof that you truly are the sender of the request, you must also include a digital signature. For all requests except those using SOAP with WS-Security, you calculate the signature using your Secret Access Key. AWS uses the Access Key ID in the request to look up your Secret Access Key and then calculates a digital signature with the key. If the signature AWS calculates matches the signature you sent, the request is considered authentic. Otherwise, the request fails authentication and is not processed.