1. Home
  2. FlexRule Designer
  3. Publishing a Project
  4. Deploy as an AWS Lambda
  5. How to retrieve AWS Access Key Id and Access Key Secret

How to retrieve AWS Access Key Id and Access Key Secret

◷ Reading Time: 5 minutes

There are two ways in creating/retrieving your Access Key Id and Secret.
1. From the My Security Credentials for Root Users
2. From the Identity and Access Management (IAM) page for IAM Users

You must be logged in to AWS Management Console in order to this.

Root Users

On the landing page, click on your account name then select My Security Details.

Next, click on the the Access keys (access key ID and secret access key) accordion tab to expand. Then click Create New Access Key.

A pop up message will notify that you have successfully create an Access Key.

Make sure to download the Key File as the Secret Access Key will never be shown in the AWS Management Console.

IAM Users

A Root User is allowed to create IAM users to represent the person or application to interact with AWS.

To know more, check the AWS Identity and Access Management page.

On the AWS Management Console, click on the Services menu (upper left side). From the list of All Services, look for Security, Identity, & Compliance underneath it click on IAM.

In order for a IAM User to successfully deploy an AWS Lambda, you will need to create a custom policy. On the Identity and Access Management (IAM) page, click Policies (under the Access management menu) then click Create Policy.

Skip this part if you already created this policy before.

On the Create Policy page, click on the JSON tab and copy-paste the code below. Replace the {AWS_ACCOUNT_ID} with your AWS account id (found on My Account).

AWS account id found on My Account
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "apigateway:DELETE",
                "apigateway:UpdateRestApiPolicy",
                "apigateway:PUT",
                "apigateway:PATCH",
                "sts:GetAccessKeyInfo",
                "sts:GetCallerIdentity",
                "apigateway:POST",
                "apigateway:GET"
            ],
            "Resource": "*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "lambda:InvokeFunction",
            "Resource": "arn:aws:lambda:*:{AWS_ACCOUNT_ID}:function:*"
        }
    ]
}

On the review section of the create Policy, set the name to FlexRule_Lambda_Access.

Now, on the Identity and Access Management (IAM) page again, click Users (under the Access management menu) then click Add user.

Provide User name and set Access type to Programmatic access.

Add appropriate Permissions by selecting Attach existing policies directly and search for: AmazonS3FullAccess, FlexRule_Lambda_Access, AWSLambda_FullAccess

Proceed to the next steps, at the end you will see a Success page that shows the Access Key Id and Secret of the IAM user.

Troubleshoot

If you get any persmission errors when deploying,

1. Ensure that you have provided all the neccessary permissions to the user.

2. Ensure that you have added your account ID under the policy, FlexRule_Lambda_Access.

Updated on May 4, 2021

Was this article helpful?

Related Articles