Changing Root Access Key to IAM Users on AWS

I have an old AWS instance created way back in 2009, when I was still learning and the only way to access AWS resources through the API was with an access id and security access key. Unfortunately, at that time there was no IAM yet. Fast forward a year or so, and this is highly insecure, as those access keys have root access. Best practice is to use IAM and create a user, which you add to a group that has the specific policy permissions assigned.

We got a notice from AWS that we need to either rotate or delete our access keys. A better way to do it is to create a new user instead.

1. First go to the AWS console, then IAM. On your dashboard you would see something like this if you have an access key generated from the root.

Delete Root Access Key

2. Click the accordion tab to expand it and click on Manage Security Credentials.

3. Expand Access Keys (Access Key ID and Secret Access Key) and check for any access keys and where you likely used them. In my case I use them for Amazon SES via the PHP SimpleEmailService class.

4. Delete the access keys.

5. Go to Groups, click Create a Group, give it a name, attach the policies AdministratorAccess and AmazonSESFullAccess, then save.

 

Groups

6. Go to User, click on Create User and download the new access key and access secret key.

7. Assign the user to the group.

That should be it.

Now update any of your files that use the previous root key.
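
One way to find the files that still reference the old root key is to scan the code base for access key IDs. The script below is an added example, not part of the original post; the function names, `SKIP_DIRS`, `MAX_BYTES` and the two sample files are assumptions constructed for the demo.

```python
import os
import re
import tempfile

# Long-term AWS access key IDs (root and IAM user) are 20 characters starting with "AKIA".
KEY_ID_RE = re.compile(r"(?<![A-Z0-9])AKIA[0-9A-Z]{16}(?![A-Z0-9])")
SKIP_DIRS = {".git", "node_modules", "vendor"}  # assumed directories not worth scanning
MAX_BYTES = 2 * 1024 * 1024  # skip large files (assumed to be data, not config)


def mask(key_id):
    """Show only enough of the key ID to recognise it in a report."""
    return key_id[:4] + "*" * 12 + key_id[-4:]


def find_key_references(root, old_key_id):
    """Return (relative path, line number, masked key ID, is_old_root_key) tuples."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            try:
                if os.path.getsize(path) > MAX_BYTES:
                    continue
                with open(path, encoding="utf-8", errors="ignore") as fh:
                    for lineno, line in enumerate(fh, 1):
                        for m in KEY_ID_RE.finditer(line):
                            hits.append((os.path.relpath(path, root), lineno,
                                         mask(m.group()), m.group() == old_key_id))
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
    return sorted(hits)


def demo():
    """Scan a constructed tree; both key IDs are documentation-style sample values."""
    old = "AKIAIOSFODNN7EXAMPLE"
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "mailer.php"), "w") as fh:
            fh.write("<?php\n$ses = new SimpleEmailService('%s', 'secret');\n" % old)
        with open(os.path.join(root, "config.ini"), "w") as fh:
            fh.write("aws_key = AKIAI44QH8DHBEXAMPLE\n")
        return find_key_references(root, old)


if __name__ == "__main__":
    for path, lineno, key, is_old in demo():
        print(f"{path}:{lineno}: {key} {'OLD ROOT KEY, replace' if is_old else 'other key'}")
```

Call `find_key_references` with your project directory and the ID of the deleted root key; every hit flagged as the old key is a file that needs the new IAM user's credentials.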

 

 
