CreateAccessKeyRequest
Name of the access key
ID of the user for whom the access key is being created
Role of the user in the organization. Controls what the user can do through the Partner API management endpoints.
Admin: Full org access. Can list and manage all access keys in the org, update org settings, and manage users. ListAccessKeys returns all keys in the org.
Member: Standard access. Can only manage their own access keys. ListAccessKeys returns only keys owned by this user.
If omitted, defaults to Member behavior.
Possible values: [Admin, Member]
buckets_roles object[]
Name of the bucket
The role defines the permissions for the associated bucket:
- ReadOnly: Read-only access to the bucket. Permits read operations like GetObject, HeadObject, ListObjects.
- Editor: Read and write access to the bucket. Includes everything in ReadOnly, plus PutObject, DeleteObject, and bucket configuration operations.
- Admin: Full access to all buckets in the org, bypasses all permission checks. When used with bucket_name: "*", the access key is treated as a full org admin. The value of bucket_name should always be * when using this role.
Example:
{ "bucket_name": "*", "role": "Admin" }
Possible values: [ReadOnly, Editor, Admin]
Names of existing IAM policies to attach to this access key. All policies must already exist — if any policy name is invalid, the request fails and no key is created.
create_policies object[]
New IAM policies to create and attach to this access key. Each policy is created first, then attached atomically. If a policy with the same name already exists the request fails — use attach_policies to reuse an existing policy. If policy document validation fails, no key is created.
Name of the policy. Must be unique within the organization.
Only alphanumeric characters and +=,.@_- are allowed.
Possible values: <= 128 characters
document object required
AWS IAM-compatible policy document. See IAM Policies documentation for details.
Policy language version.
Possible values: [2012-10-17]
Statement object[] required
Optional identifier for the statement
Whether this statement allows or denies the specified actions
Possible values: [Allow, Deny]
S3 actions to allow or deny. Common actions: s3:GetObject, s3:PutObject,
s3:DeleteObject, s3:ListBucket, s3:*.
See supported actions.
S3 resource ARNs. Use arn:aws:s3:::bucket for bucket-level and
arn:aws:s3:::bucket/prefix/* for prefix-scoped access.
Optional conditions (IP, time-based). See condition examples.
A description for the policy
Possible values: <= 1000 characters
{
  "name": "string",
  "user_id": "string",
  "user_role": "Admin",
  "buckets_roles": [
    {
      "bucket_name": "string",
      "role": "ReadOnly"
    }
  ],
  "attach_policies": [
    "string"
  ],
  "create_policies": [
    {
      "name": "string",
      "document": {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Sid": "string",
            "Effect": "Allow",
            "Action": [
              "string"
            ],
            "Resource": [
              "string"
            ],
            "Condition": {}
          }
        ]
      },
      "description": "string"
    }
  ]
}
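A pre-flight check for a request body, built only from the constraints listed above: it rejects values the schema does not allow and flags the fields that grant org-wide access. This is an added example, not code from the API's documentation or SDK; `lint_create_access_key`, the sample key and policy names, and `example-bucket` are assumptions, and the checks run client-side without calling the API.

```python
import re

# Constraints below are taken from the field descriptions on this page.
USER_ROLES = {"Admin", "Member"}
BUCKET_ROLES = {"ReadOnly", "Editor", "Admin"}
POLICY_NAME_RE = re.compile(r"[A-Za-z0-9+=,.@_-]{1,128}")

def lint_create_access_key(req):
    """Hypothetical helper: return (errors, warnings) for a request body."""
    errors, warnings = [], []
    role = req.get("user_role")  # omitted means Member behavior
    if role is not None and role not in USER_ROLES:
        errors.append(f"user_role {role!r} is not Admin or Member")
    if role == "Admin":
        warnings.append("user_role Admin can manage every access key in the org")
    for br in req.get("buckets_roles", []):
        if br.get("role") not in BUCKET_ROLES:
            errors.append(f"bucket role {br.get('role')!r} is not a listed value")
        elif br["role"] == "Admin":
            warnings.append("bucket role Admin makes the key a full org admin")
            if br.get("bucket_name") != "*":
                errors.append("bucket role Admin expects bucket_name '*'")
    for pol in req.get("create_policies", []):
        name, doc = pol.get("name", ""), pol.get("document", {})
        if not POLICY_NAME_RE.fullmatch(name):
            errors.append(f"policy name {name!r} breaks the charset/length rule")
        if len(pol.get("description", "")) > 1000:
            errors.append(f"policy {name!r}: description over 1000 characters")
        if doc.get("Version") != "2012-10-17":
            errors.append(f"policy {name!r}: Version must be 2012-10-17")
        for st in doc.get("Statement", []):
            if st.get("Effect") not in ("Allow", "Deny"):
                errors.append(f"policy {name!r}: Effect must be Allow or Deny")
            elif st["Effect"] == "Allow" and "s3:*" in st.get("Action", []):
                warnings.append(f"policy {name!r}: Allow on s3:* covers all actions")
    return errors, warnings

# Constructed sample: key limited to reading one prefix (all names are placeholders).
SCOPED = {"name": "ci-reader", "user_id": "user-placeholder", "create_policies": [
    {"name": "ci-read-reports", "document": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": ["arn:aws:s3:::example-bucket/reports/*"]}]}}]}
# Constructed sample: org-wide key with a mis-set bucket_name and a bad policy name.
BROAD = {"name": "ops", "user_id": "user-placeholder", "user_role": "Admin",
         "buckets_roles": [{"bucket_name": "example-bucket", "role": "Admin"}],
         "create_policies": [{"name": "bad name!", "document": {
             "Version": "2012-10-17", "Statement": [
                 {"Effect": "Allow", "Action": ["s3:*"], "Resource": ["arn:aws:s3:::*"]}]}}]}
```

Running the function on `SCOPED` returns no findings; on `BROAD` it returns two errors and three warnings, one for each org-wide grant.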