AWS Certified Solutions Architect - Associate (SAA-C02)

Sign Up Free or Log In to participate!

Why do we need a separate access key and secret access key?

Why do we need a separate access key and a secret access key? Why 2 keys when MFA is already enabled?

1 Answers

Access key is like a username/userid performing an action using the API or command line tools. The Secret access key is like the password that generates a hash that authenticates the API call. MFA is just an additional layer of protection in case your keys are leaked. (or perhaps someone accidentally checked theirs into source code repo). MFA isn’t intended to replace an ordinary password. 

If it helps, think of MFA in the context of ordinary user authentication to a VPN. There’s the user (access key), and something known to that user (secret access key) and finally something possessed by the user (the MFA, in form of physical key or soft token).

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?