Skip to main content

Creating another user's S3 access keys

Contributors netapp-lhalbert

If you are using an S3 tenant and you have the appropriate permission, you can create S3 access keys for other users, such as applications that need access to buckets and objects.

What you'll need
  • You must be signed in to the Tenant Manager using a supported browser.

  • You must have the Root Access permission.

About this task

You can create one or more S3 access keys for other users so they can create and manage buckets for their tenant account. After you create a new access key, update the application with the new access key ID and secret access key. For security, do not create more keys than the user needs, and delete the keys that are not being used. If you have only one key and it is about to expire, create a new key before the old one expires, and then delete the old one.

Each key can have a specific expiration time or no expiration. Follow these guidelines for expiration time:

  • Set an expiration time for the keys to limit the user's access to a certain time period. Setting a short expiration time can help reduce risk if the access key ID and secret access key are accidentally exposed. Expired keys are removed automatically.

  • If the security risk in your environment is low and you do not need to periodically create new keys, you do not have to set an expiration time for the keys. If you decide later to create new keys, delete the old keys manually.

Important The S3 buckets and objects belonging to a user can be accessed using the access key ID and secret access key displayed for that user in the Tenant Manager. For this reason, protect access keys as you would a password. Rotate access keys on a regular basis, remove any unused keys from the account, and never share them with other users.
Steps
  1. Select ACCESS MANAGEMENT > Users.

  2. Select the user whose S3 access keys you want to manage.

    The user detail page appears.

  3. Select Access keys, then select Create key.

  4. Do one of the following:

    • Select Do not set an expiration time to create a key that does not expire. (Default)

    • Select Set an expiration time, and set the expiration date and time. screenshot of the Create Access Key dialog

  5. Select Create access key.

    The Download access key dialog box appears, listing the access key ID and secret access key.

  6. Copy the access key ID and the secret access key to a safe location, or select Download .csv to save a spreadsheet file containing the access key ID and secret access key.

    Important Do not close this dialog box until you have copied or downloaded this information.
    screenshot of the Save Keys dialog box
  7. Select Finish.

    The new key is listed on the Access keys tab of the user details page. Changes might take up to 15 minutes to take effect because of caching.

Related information

Tenant management permissions