Allowing Your IAM Users in AWS to Make API Calls

/, AWS CSA FAQ, BLOG/Allowing Your IAM Users in AWS to Make API Calls

Allowing Your IAM Users in AWS to Make API Calls

One of the most heavily-contested questions in our AWS Certified Solutions Architect Associate Practice Test course revolves around what needs to be done to allow newly created IAM users to make API calls.

Let me summarize the question here:

aws practice test

 

The correct answer is D – Create a set of Access Keys for the user. However, one of our students contested because he assumed that the access keys are automatically created when the IAM user was created. He thought the logical answer was to assign an API policy to the user (letter C).

But this assumption is incorrect. There are various ways to create an IAM user and it is possible that the programmatic access is not enabled when the IAM user is created. For better illustration, I highly suggest that you login to your AWS Console and create an IAM User. I provided a screenshot here to fully clarify the issue as it is dangerous to have an incorrect assumption.

When you create an IAM user, you enter the username and you choose which Access type that user will have: either a programmatic access or just an AWS Management Console Access. If you choose programmatic access, then the access key ID and secret access key will automatically be created but, if you just selected AWS Management Console Access only, then there would be there will be no access key ID and secret access key generated.

IAM access key

If you selected AWS Management Console Access only, then what will be generated is the username and password for the AWS Console as shown below. Take note that these are not your access key ID and secret access key, hence, you cannot use these credentials in accessing the AWS APIs.

AWS Management Console

However, if you selected Programmatic Access, then the access key ID and secret access key will be generated as shown below.

Programmatic access

In the event that you created a user with Management Console access only and you want them to have programmatic API access, then you can simply “Create a Set of Access Keys for the User”, as what is mentioned on the answer key of our practice test.

Go to the IAM -> Users and then under the Security Credentials tab, you will see a section where you can create the access keys for your users:

IAM user

I highly suggest that everyone verify and check this out on their own AWS account. Never skip your hands-on AWS exercises to avoid incorrect answers in the exam. 

And if you want more Q&A sessions like this, check out our best selling AWS Certified Solutions Architect Associate Practice Test course in Udemy, which contains 390 unique questions in 6 sets of practice tests that are meant to test your knowledge in as many AWS concepts as possible including those which frequently appear in the actual exam.

Wish you all the best on your exam!

Enroll Now – AWS Certified Solutions Architect Associate Practice Exams

AWS Certified Solutions Architect Associate

Enroll Now – AWS Certified Solutions Architect Professional Practice Exams

AWS Certified Solutions Architect Professional Tutorials Dojo

Enroll Now – AWS Certified SysOps Administrator Associate Practice Exams

AWS Certified SysOps Administrator Associate Tutorials Dojo

Recent Tweets

Recent Posts

Categories

AWS Solutions Architect is consistently among the top paying IT certifications, considering that Amazon Web Services is the leading cloud services platform in the world with almost 50% market share! Earn over $150,000 per year with an AWS Solutions Architect certification!

Subscribe to our newsletter for more helpful AWS blogs like this and answer as many practice tests as you can before taking the exam. 🙂

Subscribe to our Newsletter
Sign up now and have the latest tech tutorials delivered straight to your mailbox.

PLUS: Upgrade your career by getting exclusive access to freebies, promotions and lots more!
I agree to have my personal information transfered to AWeber ( more information )
2018-12-02T11:23:46+00:00

New Courses

Contact Info

1600 Amphitheatre Parkway New York WC1 1BA

Phone: 1.800.458.556 / 1.800.532.2112

Fax: 458 761-9562

Web: ThemeFusion

Recent Posts