Know when the Access key ID was made inactive - amazon-iam

I've made an Access key ID to "Inactive" state from the IAM and later deleted the Access key ID. Now that I don't have the previous Access key ID details to check when it happened. Could someone help me know from where can I get those details ?
FYI, I've searched in Cloudtrail using the old Access key ID but had no luck.
TIA!

Found it! Instead of searching with the lookup attributes "AWS Access key", I used "Event Name" as lookup attribute.
Got the details from the CloudTrail > Event History > "Event name : UpdateAccessKey"

Related

Get account id from private/secret key

I added a way to generate an address from PK58 by possessing the private key, but is there anyway to get the readable account id?
For example, input my private and/or secret key and get account.testnet if they have one, instead of a hex kind of address.
What are the options to get the account id?
There is no way to retrieve named account name from within the private/secret key.
However, there is a way to do it from the public one by using the public access of NEAR Explorer database.
You can find the shared access to the databases in NEAR Indexer for Explorer repo
After you have connected you execute the query:
SELECT account_id FROM access_keys WHERE public_key = 'ed25519:5HApjDQKtYQQhWURi2zQ8rRrVfJftkUDKLjyVejhLBwG';
account_id
-----------------------
py2sfxwe5q16p.testnet
Refer to the Database structure scheme

Unable to create AWS key pair using console

I tried to create new AWS key pairs and the option to create disappeared
Does anyone know why?
It would be worth checking the IAM permissions associated with the User who is trying to create the key pair. Contact the Administrator (presumably you?) and investigate. I would suggest creating a Group with Permissions and adding them to that.
I performed an experiment and added aDeny policy to my IAM User that prevented me from being able to create a keypair.
I then tried to launch an instance and the option to create a keypair (in the dialog box you show above) was still available. So, the display does not vary according to permissions.
Therefore, something else is causing your situation. I would recommend trying it in a different browser. Also, check the underlying HTML to see whether the option is coded on the web page. Something is causing it to disappear.

access credentials error in Copy Command in S3

I am facing access credentials error when i ran copy Command in S3.
my copy command is :
copy part from 's3://lntanbusamplebucket/load/part-csv.tbl'
credentials 'aws_access_key_id=D93vB$;yYq'
csv;
error message is:
error: Invalid credentials. Must be of the format: credentials 'aws_iam_role=...' or 'aws_access_key_id=...;aws_secret_access_key=...[;token=...]'
'aws_access_key_id=?;
aws_secret_access_key=?''
Could you please can any one explain what is aws_access_key_id and aws_secret_access_key ?
where we can see this?
Thanks in advance.
Mani
The access key you're using looks more like a secret key, they usually look something like "AKIAXXXXXXXXXXX".
Also, don't post them openly in StackOverflow questions. If someone gets a hold of a set of access keys, they can access your AWS environment.
Access Key & Secret Key are the most basic form of credentials / authentication used in AWS. One is useless without the other, so if you've lost one of the two, you'll need to regenerate a set of keys.
To do this, go into the AWS console, go to the IAM services (Identity and Access Management) and go into users. Here, select the user that you're currently using (probably yourself) and go to the Security Credentials tab.
Here, under Access keys, you can see which sets of keys are currently active for this user. You can only have 2 sets active at one time, so if there's already 2 sets present, delete one and create a new pair. You can download the new pair as a file called "credentials.csv" and this will contain your user, access key and secret key.

storeSetACL Amazon S3 grant full control to owner by ID, not e-mail address

I'm so close to getting this working. Apparently, my e-mail address is associated with an account other than my AWS account, so when I try to set ACL for owner by e-mail I get an error from Amazon "AmbiguousGrantByEmailAddress". As best as I could find in their forums and docs was that you could set it by the 12 digit ID of the account. However - I can't find the documents that show me the correct name of the key to set.
all_read = {group="all", permission="read"};
authenticated_read = {group="authenticated", permission="read"};
owner_full = {id="nnnn-nnnn-nnnn", permission="full_control"};
aclObj = [owner_full, all_read, authenticated_read];
I've tried both id="nnnn-nnnn-nnnn" and id="nnnnnnnnnnnn" and I keep getting InvalidKey.
SOLUTION (for others that come across this).
The key is "ID", but it's not the 12-digit user ID of the account [despite an Amazon developer stating that on their forums page], it's the canonical ID of the account. Both can be found on the AWS Security Credentials page.

Are the Access Key Id and Secret Access Key related in a known way?

I'd like to be able to verify that a secret key matches a given "Access Key Id" if possible. I thought perhaps the key Id was some sort of hash of the secret key, but I'm not finding documentation for this.
EDIT: upon closer inspection, I wonder whether the access key id is derived from a timestamp...