IAM / Client / list_access_keys

list_access_keys#

IAM.Client.list_access_keys(**kwargs)#

Returns information about the access key IDs associated with the specified IAM user. If there is none, the operation returns an empty list.

Although each user is limited to a small number of keys, you can still paginate the results using the MaxItems and Marker parameters.

If the UserName is not specified, the user name is determined implicitly based on the Amazon Web Services access key ID used to sign the request. If a temporary access key is used, then UserName is required. If a long-term key is assigned to the user, then UserName is not required.

This operation works for access keys under the Amazon Web Services account. If the Amazon Web Services account has no associated users, the root user returns it’s own access key IDs by running this command.

Note

To ensure the security of your Amazon Web Services account, the secret access key is accessible only during key and user creation.

See also: AWS API Documentation

Request Syntax

response = client.list_access_keys(
    UserName='string',
    Marker='string',
    MaxItems=123
)
Parameters:
  • UserName (string) –

    The name of the user.

    This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

  • Marker (string) – Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.

  • MaxItems (integer) –

    Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

    If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

Return type:

dict

Returns:

Response Syntax

{
    'AccessKeyMetadata': [
        {
            'UserName': 'string',
            'AccessKeyId': 'string',
            'Status': 'Active'|'Inactive',
            'CreateDate': datetime(2015, 1, 1)
        },
    ],
    'IsTruncated': True|False,
    'Marker': 'string'
}

Response Structure

  • (dict) –

    Contains the response to a successful ListAccessKeys request.

    • AccessKeyMetadata (list) –

      A list of objects containing metadata about the access keys.

      • (dict) –

        Contains information about an Amazon Web Services access key, without its secret key.

        This data type is used as a response element in the ListAccessKeys operation.

        • UserName (string) –

          The name of the IAM user that the key is associated with.

        • AccessKeyId (string) –

          The ID for this access key.

        • Status (string) –

          The status of the access key. Active means that the key is valid for API calls; Inactive means it is not.

        • CreateDate (datetime) –

          The date when the access key was created.

    • IsTruncated (boolean) –

      A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.

    • Marker (string) –

      When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.

Exceptions

Examples

The following command lists the access keys IDs for the IAM user named Alice.

response = client.list_access_keys(
    UserName='Alice',
)

print(response)

Expected Output:

{
    'AccessKeyMetadata': [
        {
            'AccessKeyId': 'AKIA111111111EXAMPLE',
            'CreateDate': datetime(2016, 12, 1, 22, 19, 58, 3, 336, 0),
            'Status': 'Active',
            'UserName': 'Alice',
        },
        {
            'AccessKeyId': 'AKIA222222222EXAMPLE',
            'CreateDate': datetime(2016, 12, 1, 22, 20, 1, 3, 336, 0),
            'Status': 'Active',
            'UserName': 'Alice',
        },
    ],
    'ResponseMetadata': {
        '...': '...',
    },
}