1
00:00:07,187 --> 00:00:09,869
- Okay, so now that we've created our users and groups,

2
00:00:09,869 --> 00:00:14,675
let's take a look at creating access keys for that user.

3
00:00:14,675 --> 00:00:18,611
So, again, we've created our Jane Doe user.

4
00:00:18,611 --> 00:00:20,178
We've given her a password

5
00:00:20,178 --> 00:00:21,885
so that she can log in to the console,

6
00:00:21,885 --> 00:00:26,837
but perhaps Jane wants to use the Amazon Command Line tools,

7
00:00:26,837 --> 00:00:29,844
or she wants to use the SDK to develop locally.

8
00:00:29,844 --> 00:00:32,717
In those cases, she needs access keys

9
00:00:32,717 --> 00:00:36,467
as a way to authenticate against the AWS API.

10
00:00:37,559 --> 00:00:40,896
So, the password is to log in to the console,

11
00:00:40,896 --> 00:00:43,393
but in order to use the CLI or the SDK

12
00:00:43,393 --> 00:00:45,105
she needs access keys.

13
00:00:45,105 --> 00:00:47,857
And again, as we've talked about,

14
00:00:47,857 --> 00:00:50,140
this kind of authentication and authorization

15
00:00:50,140 --> 00:00:53,605
is specifically for the AWS API.

16
00:00:53,605 --> 00:00:55,798
It is not for operating system

17
00:00:55,798 --> 00:00:59,173
or application level authentication.

18
00:00:59,173 --> 00:01:03,457
So, here I'm on the details of the Jane Doe user,

19
00:01:03,457 --> 00:01:04,685
so I'm gonna make sure that I'm

20
00:01:04,685 --> 00:01:06,892
on the Security Credentials tab.

21
00:01:06,892 --> 00:01:11,209
And you can see that she does not have any access keys yet.

22
00:01:11,209 --> 00:01:13,717
So, I'm gonna create the access key.

23
00:01:13,717 --> 00:01:16,393
Now, at this point, this is the only time

24
00:01:16,393 --> 00:01:19,249
that I will be able to see these access keys.

25
00:01:19,249 --> 00:01:21,734
If I don't copy and paste them from here,

26
00:01:21,734 --> 00:01:23,197
I will never be able to see them again.

27
00:01:23,197 --> 00:01:26,151
I would have to delete them and recreate them.

28
00:01:26,151 --> 00:01:28,607
So, I wanna be sure to copy and paste these.

29
00:01:28,607 --> 00:01:29,785
I'm gonna copy these.

30
00:01:29,785 --> 00:01:33,384
Now generally, if I'm doing this for a user

31
00:01:33,384 --> 00:01:36,893
I wanna be sure to transmit these in a secure way,

32
00:01:36,893 --> 00:01:39,514
over some kind of encrypted connection.

33
00:01:39,514 --> 00:01:42,887
I could copy and paste, I could also download these

34
00:01:42,887 --> 00:01:46,823
as a text file and then transmit that text file to Jane,

35
00:01:46,823 --> 00:01:49,168
again in some kind of secure way.

36
00:01:49,168 --> 00:01:53,644
So, I'm gonna go ahead and copy those, close that,

37
00:01:53,644 --> 00:01:57,620
and you can see now that Jane has an access key.

38
00:01:57,620 --> 00:02:01,881
Now, I can see the key, but I can't see the secret.

39
00:02:01,881 --> 00:02:02,780
There's two parts to it.

40
00:02:02,780 --> 00:02:05,085
There's a public part, and then what we might consider

41
00:02:05,085 --> 00:02:08,612
a private part, the secret part that I can't see.

42
00:02:08,612 --> 00:02:13,310
Now, the best approach might be to enable our users

43
00:02:13,310 --> 00:02:15,528
to create their own access keys

44
00:02:15,528 --> 00:02:18,082
so that they don't have to be transmitted

45
00:02:18,082 --> 00:02:20,484
between an admin and the user.

46
00:02:20,484 --> 00:02:22,070
They can just get them directly,

47
00:02:22,070 --> 00:02:26,267
and that ensures that the keys are kept much more secure.

48
00:02:26,267 --> 00:02:30,469
So, again, that's how we create access keys for our users.

49
00:02:30,469 --> 00:02:32,375
This will be implemented

50
00:02:32,375 --> 00:02:35,017
within the local Amazon Command Line tools

51
00:02:35,017 --> 00:02:37,767
or the SDK for local development.