Open glg-satish-tripathi opened 1 year ago
The description field/tag on IAM Access Keys is an incredibly useful feature, and it's really a shame that it can only be done via the AWS console. Adding this functionality to the CLI would be a great addition and would allow admins to better evaluate the key's purpose.
After trying this in the console, I see that all this feature is doing is tagging the IAM user with a key of the access key and a value of whatever description you provide. To create this same functionality while using the AWS CLI, you'd have to do something like this:
username="mmartin-delete-after-jan-25"
tagValue="China Production Use Case"
accessKey=$(aws iam create-access-key --user-name "$username" --query 'AccessKey.[AccessKeyId]' --output text --no-cli-pager)
# create a tag for the access key; quoted so the spaces in the description stay in one argument
aws iam tag-user --user-name "$username" --tags "Key=$accessKey,Value=$tagValue" --no-cli-pager
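An added example, not part of the original comments: a shell audit of the tagging workaround above, reporting which of a user's access keys have a description tag and which tags named like an access key ID (AKIA prefix) no longer match a key. The function names and sample key IDs are constructed for illustration; `audit_user` assumes a configured AWS CLI and uses its `list-access-keys` and `list-user-tags` commands.

```sh
#!/bin/sh
# Added example: audit the description tags that the workaround above creates.

# audit_key_tags KEYS TAGS
#   KEYS: access key IDs, one per line
#   TAGS: user tags, one "Key<TAB>Value" pair per line
# Prints DESCRIBED / UNDESCRIBED per key, then ORPHAN_TAG for tags that are
# named like a long-term access key ID (AKIA prefix) but match no current key.
audit_key_tags() {
  printf '%s\n' "$2" | KEYS="$1" awk -F '\t' '
    BEGIN {
      n = split(ENVIRON["KEYS"], k, "\n")
      for (i = 1; i <= n; i++) if (k[i] != "") live[k[i]] = 1
    }
    { desc[$1] = $2 }
    END {
      for (i = 1; i <= n; i++) {
        id = k[i]
        if (id == "") continue
        if (desc[id] != "") printf "DESCRIBED\t%s\t%s\n", id, desc[id]
        else printf "UNDESCRIBED\t%s\n", id
      }
      for (t in desc)
        if (t ~ /^AKIA/ && !(t in live)) printf "ORPHAN_TAG\t%s\t%s\n", t, desc[t]
    }'
}

# audit_user USER: fetch the live data with the AWS CLI and audit it.
audit_user() {
  keys=$(aws iam list-access-keys --user-name "$1" --no-cli-pager \
    --query 'AccessKeyMetadata[].[AccessKeyId]' --output text) || return 1
  tags=$(aws iam list-user-tags --user-name "$1" --no-cli-pager \
    --query 'Tags[].[Key,Value]' --output text) || return 1
  audit_key_tags "$keys" "$tags"
}

# Constructed sample data (not real key IDs): one described key, one without
# a description, one unrelated tag, and one tag left behind by a removed key.
SAMPLE_KEYS='AKIAEXAMPLEAAAAAAAA1
AKIAEXAMPLEAAAAAAAA2'
SAMPLE_TAGS=$(printf '%s\t%s\n' \
  AKIAEXAMPLEAAAAAAAA1 'China Production Use Case' \
  team platform \
  AKIAEXAMPLEOLDKEY000 'Jenkins (rotated)')

audit_key_tags "$SAMPLE_KEYS" "$SAMPLE_TAGS"
```

Run `audit_user <user-name>` against a live account; a key reported as UNDESCRIBED was created without the tag step.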
Thanks @mikemartin1090 for sharing that solution! @glg-satish-tripathi does that address your use case?
Greetings! It looks like this issue hasn’t been active in longer than five days. We encourage you to check if this is still an issue in the latest release. In the absence of more information, we will be closing this issue soon. If you find that this is still a problem, please feel free to provide a comment or upvote with a reaction on the initial post to prevent automatic closure. If the issue is already closed, please feel free to open a new one.
Sorry, I am a bit late on this. Thanks for the solution, Mike. @tim-finnigan having a description field will still be more useful than doing it this way. In most of the AWS CLI we do have a description field, so I think it should be here as well.
Hi @glg-satish-tripathi. In that case I will forward your feature request to the IAM team for further consideration, as new API functionality would need to be implemented by them. I'll transfer this issue to our cross-SDK repository and let you know if we have any updates. Thanks! (ticket for our reference: P80807167)
Describe the feature
There is no option in the AWS CLI to create an access key with a description/tag as there is in the AWS web console. The same thing with aws-sdk and the AWS Terraform provider.
Use Case
This will be very useful in the case of automation where we are creating an access key using a Lambda function on a certain time interval and updating it in Jenkins/Spacelift for an AWS China user, as AWS China doesn't have role-based access support.
So the description is necessary to have in order to give the Access key id a meaningful description.
Proposed Solution
aws iam create-access-key --user-name xyz --description "Key for China user"
aws iam update-access-key --access-key-id xyztxcdc --user xyz --description "Key for China user"
Other Information
No response
Acknowledgements
CLI version used
aws-cli/2.8.4 Python/3.10.8 Darwin/22.1.0 source/arm64
Environment details (OS name and version, etc.)
macOS