本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# 管理 IAM 存取金鑰
## 建立存取金鑰
若要建立 IAM 存取金鑰,請使用 [https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/CreateAccessKeyRequest.html](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/CreateAccessKeyRequest.html) 物件呼叫 `IamClient’s``createAccessKey`方法。
**注意**
您必須將區域設定為 **AWS\$1GLOBAL**,`IamClient`呼叫才能運作,因為 IAM 是全域服務。
**匯入**
```
import software.amazon.awssdk.services.iam.model.CreateAccessKeyRequest;
import software.amazon.awssdk.services.iam.model.CreateAccessKeyResponse;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.iam.IamClient;
import software.amazon.awssdk.services.iam.model.IamException;
```
**Code**
```
public static String createIAMAccessKey(IamClient iam,String user) {
try {
CreateAccessKeyRequest request = CreateAccessKeyRequest.builder()
.userName(user).build();
CreateAccessKeyResponse response = iam.createAccessKey(request);
String keyId = response.accessKey().accessKeyId();
return keyId;
} catch (IamException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
return "";
}
```
請參閱 GitHub 上的[完整範例](https://github.com/awsdocs/aws-doc-sdk-examples/blob/f807d60010caf3d14fe4cd0801b842fb8e9511ca/javav2/example_code/iam/src/main/java/com/example/iam/CreateAccessKey.java)。
## 列出存取金鑰
若要列出指定使用者的存取金鑰,請建立包含要列出金鑰之使用者名稱的[https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/ListAccessKeysRequest.html](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/ListAccessKeysRequest.html)物件,並將其傳遞給 `IamClient’s``listAccessKeys`方法。
**注意**
如果您未提供使用者名稱給 `listAccessKeys`,則會嘗試列出與簽署請求 AWS 帳戶 之 相關聯的存取金鑰。
**匯入**
```
import software.amazon.awssdk.services.iam.model.AccessKeyMetadata;
import software.amazon.awssdk.services.iam.model.IamException;
import software.amazon.awssdk.services.iam.model.ListAccessKeysRequest;
import software.amazon.awssdk.services.iam.model.ListAccessKeysResponse;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.iam.IamClient;
```
**Code**
```
public static void listKeys( IamClient iam,String userName ){
try {
boolean done = false;
String newMarker = null;
while (!done) {
ListAccessKeysResponse response;
if(newMarker == null) {
ListAccessKeysRequest request = ListAccessKeysRequest.builder()
.userName(userName).build();
response = iam.listAccessKeys(request);
} else {
ListAccessKeysRequest request = ListAccessKeysRequest.builder()
.userName(userName)
.marker(newMarker).build();
response = iam.listAccessKeys(request);
}
for (AccessKeyMetadata metadata :
response.accessKeyMetadata()) {
System.out.format("Retrieved access key %s",
metadata.accessKeyId());
}
if (!response.isTruncated()) {
done = true;
} else {
newMarker = response.marker();
}
}
} catch (IamException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
```
`listAccessKeys` 的結果會分頁 (每個呼叫預設最多 100 個記錄)。您可以在傳回的[https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/ListAccessKeysResponse.html](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/ListAccessKeysResponse.html)物件`isTruncated`上呼叫 ,以查看查詢是否傳回較少的結果,然後可用。若是如此,請在 `marker` 上呼叫 `ListAccessKeysResponse`,並將它用於建立新的請求。在下次呼叫 `listAccessKeys` 時使用該新的請求。
請參閱 GitHub 上的[完整範例](https://github.com/awsdocs/aws-doc-sdk-examples/blob/f807d60010caf3d14fe4cd0801b842fb8e9511ca/javav2/example_code/iam/src/main/java/com/example/iam/ListAccessKeys.java)。
## 擷取上次使用存取金鑰的時間
若要取得上次使用存取金鑰的時間,請使用存取金鑰的 ID 呼叫 `IamClient’s``getAccessKeyLastUsed`方法 (可以使用 [https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/GetAccessKeyLastUsedRequest.html](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/GetAccessKeyLastUsedRequest.html) 物件傳入。
然後,您可以使用傳回的[https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/GetAccessKeyLastUsedResponse.html](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/GetAccessKeyLastUsedResponse.html)物件來擷取金鑰的上次使用時間。
**匯入**
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.iam.IamClient;
import software.amazon.awssdk.services.iam.model.GetAccessKeyLastUsedRequest;
import software.amazon.awssdk.services.iam.model.GetAccessKeyLastUsedResponse;
import software.amazon.awssdk.services.iam.model.IamException;
```
**Code**
```
public static void getAccessKeyLastUsed(IamClient iam, String accessId ){
try {
GetAccessKeyLastUsedRequest request = GetAccessKeyLastUsedRequest.builder()
.accessKeyId(accessId).build();
GetAccessKeyLastUsedResponse response = iam.getAccessKeyLastUsed(request);
System.out.println("Access key was last used at: " +
response.accessKeyLastUsed().lastUsedDate());
} catch (IamException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
System.out.println("Done");
}
```
請參閱 GitHub 上的[完整範例](https://github.com/awsdocs/aws-doc-sdk-examples/blob/f807d60010caf3d14fe4cd0801b842fb8e9511ca/javav2/example_code/iam/src/main/java/com/example/iam/AccessKeyLastUsed.java)。
## 啟用或停用存取金鑰
您可以透過建立 [https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/UpdateAccessKeyRequest.html](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/UpdateAccessKeyRequest.html) 物件、提供存取金鑰 ID、選擇性的使用者名稱和所需的 來啟用或停用存取金鑰[https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/StatusType.html](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/StatusType.html),然後將請求物件傳遞給 `IamClient’s``updateAccessKey`方法。
**匯入**
```
import software.amazon.awssdk.services.iam.model.IamException;
import software.amazon.awssdk.services.iam.model.StatusType;
import software.amazon.awssdk.services.iam.model.UpdateAccessKeyRequest;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.iam.IamClient;
```
**Code**
```
public static void updateKey(IamClient iam, String username, String accessId, String status ) {
try {
if (status.toLowerCase().equalsIgnoreCase("active")) {
statusType = StatusType.ACTIVE;
} else if (status.toLowerCase().equalsIgnoreCase("inactive")) {
statusType = StatusType.INACTIVE;
} else {
statusType = StatusType.UNKNOWN_TO_SDK_VERSION;
}
UpdateAccessKeyRequest request = UpdateAccessKeyRequest.builder()
.accessKeyId(accessId)
.userName(username)
.status(statusType)
.build();
iam.updateAccessKey(request);
System.out.printf(
"Successfully updated the status of access key %s to" +
"status %s for user %s", accessId, status, username);
} catch (IamException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
```
請參閱 GitHub 上的[完整範例](https://github.com/awsdocs/aws-doc-sdk-examples/blob/f807d60010caf3d14fe4cd0801b842fb8e9511ca/javav2/example_code/iam/src/main/java/com/example/iam/UpdateAccessKey.java)。
## 刪除存取金鑰
若要永久刪除存取金鑰,請呼叫 `IamClient’s``deleteKey`方法,提供[https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/DeleteAccessKeyRequest.html](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/DeleteAccessKeyRequest.html)包含存取金鑰 ID 和使用者名稱的 。
**注意**
金鑰一旦刪除,就不能再擷取或使用。若要暫時停用金鑰以便稍後再次啟用,請改用 [`updateAccessKey`](#iam-access-keys-update)方法。
**匯入**
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.iam.IamClient;
import software.amazon.awssdk.services.iam.model.DeleteAccessKeyRequest;
import software.amazon.awssdk.services.iam.model.IamException;
```
**Code**
```
public static void deleteKey(IamClient iam ,String username, String accessKey ) {
try {
DeleteAccessKeyRequest request = DeleteAccessKeyRequest.builder()
.accessKeyId(accessKey)
.userName(username)
.build();
iam.deleteAccessKey(request);
System.out.println("Successfully deleted access key " + accessKey +
" from user " + username);
} catch (IamException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
```
請參閱 GitHub 上的[完整範例](https://github.com/awsdocs/aws-doc-sdk-examples/blob/f807d60010caf3d14fe4cd0801b842fb8e9511ca/javav2/example_code/iam/src/main/java/com/example/iam/DeleteAccessKey.java)。
## 其他資訊
+ IAM API 參考中的 [CreateAccessKey](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateAccessKey.html)
+ IAM API 參考中的 [ListAccessKeys](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccessKeys.html)
+ 《 IAM API 參考》中的 [GetAccessKeyLastUsed](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccessKeyLastUsed.html)
+ IAM API 參考中的 [UpdateAccessKey](https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAccessKey.html)
+ IAM API 參考中的 [DeleteAccessKey](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteAccessKey.html)