how to generate Access key & secret key for AWS roles

Question

I want to manage the my AWS environment using PowerShell. We are getting access through IAM roles. I am facing trouble to generate the Access key & secret key for my IAM role. Can someone guide me how can i generate these keys.

Answer 1

An IAM Role can only be used by an IAM User. This is because the User needs to authenticate to AWS to prove that they are that user. This will then provide IAM User credentials.

If you then wish to use a role, you can use the User credentials to call Use-STSRole, which will assume the role and return a set of credentials associated with the Role. (Note: The credentials will expire after a period of time, typically one hour.)

For more details, see: Switching to an IAM Role (Tools for Windows PowerShell)

Answer 2

You do not generate IAM Access Key / Secret Key for roles. AWS generates these for you and makes them available in the instance's metadata.

The AWS Tools for Windows PowerShell will automatically extract the access key / secret key from the instance's metadata if you have installed PowerShell and the AWS Tools correctly.

This link will provide more information about PowerShell and IAM Roles:

IAM Roles for EC2

[Update after new comment]

If your goal is to generate IAM access keys for a new user, login to the AWS console, go to IAM, go to users, Add User, click "Programmatic access", then Set permissions for the user and finish by creating the user. On the next screen will be the access keys. You need to download (or copy) the Secret access key as it will NOT be shown again.

For an existing user, click on the user, click on the "Security credentials" tab, then click the "Create access key" button. Copy or download the keys. Note: You cannot access previously created access keys. If you have lost the secret access key, then you have to generate new ones.

Managing Access Keys for Your AWS Account