问题
I came across Get Username from Amazon Access Key in Java when searching for a solution for a problem I have.
But the only difference is I want to achieve the exact opposite: Is it possible to get the access key & secret key to perform Java SDK operations by using the username created in IAM?
I want to build an application when the user logs in with his IAM credentials he can start and stop instances in the application. But to do that I need the access & secret key of that user.
I hope someone can help me or knows a workaround for my problem.
Thank you!
回答1:
Assuming your application has respectively sufficient AWS security credentials of its own (e.g. by running on an EC2 instance with an IAM Role for Amazon EC2), you can achieve this by means of the ListAccessKeys API action:
Returns information about the access key IDs associated with the specified user. If there are none, the action returns an empty list.
This API action is exposed in the AWS SDK for Java as listAccessKeys().
回答2:
Quite an old question but I don't believe a correct answer was provided. To directly answer your question it's not possible to retrieve the secret key after it's been created. The documentation for ListAccessKeys notes -
To ensure the security of your AWS account, the secret access key is accessible only during key and user creation.
You'll need to solve your problem via another means. Some suggestions would be to use federated login or have the application manage its own set of roles that determines whether the user is authorized to start/stop instances.
来源:https://stackoverflow.com/questions/28614192/get-amazon-access-key-secret-key-from-iam-username-in-java