Allowing Your IAM Users in AWS to Make API Calls
One of the most heavily-contested questions in our AWS Certified Solutions Architect Associate Practice Test course revolves around what needs to be done to allow newly created IAM users to make API calls.
Let me summarize the question here:
The correct answer is D – Create a set of Access Keys for the user. However, one of our students contested because he assumed that the access keys are automatically created when the IAM user was created. He thought the logical answer was to assign an API policy to the user (letter C).
But this assumption is incorrect. There are various ways to create an IAM user and it is possible that the programmatic access is not enabled when the IAM user is created. For better illustration, I highly suggest that you login to your AWS Console and create an IAM User. I provided a screenshot here to fully clarify the issue as it is dangerous to have an incorrect assumption.
When you create an IAM user, you enter the username and you choose which Access type that user will have: either a programmatic access or just an AWS Management Console Access. If you choose programmatic access, then the access key ID and secret access key will automatically be created but, if you just selected AWS Management Console Access only, then there would be there will be no access key ID and secret access key generated.
If you selected AWS Management Console Access only, then what will be generated is the username and password for the AWS Console as shown below. Take note that these are not your access key ID and secret access key, hence, you cannot use these credentials in accessing the AWS APIs.
However, if you selected Programmatic Access, then the access key ID and secret access key will be generated as shown below.
In the event that you created a user with Management Console access only and you want them to have programmatic API access, then you can simply “Create a Set of Access Keys for the User”, as what is mentioned on the answer key of our practice test.
Go to the IAM -> Users and then under the Security Credentials tab, you will see a section where you can create the access keys for your users:
I highly suggest that everyone verify and check this out on their own AWS account. Never skip your hands-on AWS exercises to avoid incorrect answers in the exam.
And if you want more Q&A sessions like this, check out our best selling AWS Certified Solutions Architect Associate Practice Test course in Udemy, which contains 390 unique questions in 6 sets of practice tests that are meant to test your knowledge in as many AWS concepts as possible including those which frequently appear in the actual exam.
Wish you all the best on your exam!
AWS Solutions Architect is consistently among the top paying IT certifications, considering that Amazon Web Services is the leading cloud services platform in the world with almost 50% market share! Earn over $150,000 per year with an AWS Solutions Architect certification!
Subscribe to our newsletter for more helpful AWS blogs like this and answer as many practice tests as you can before taking the exam.