IAM / Client / create_service_specific_credential

create_service_specific_credential

IAM.Client.create_service_specific_credential(**kwargs)

Generates a set of credentials consisting of a user name and password that can be used to access the service specified in the request. These credentials are generated by IAM, and can be used only for the specified service.

You can have a maximum of two sets of service-specific credentials for each supported service per user.

You can create service-specific credentials for Amazon Bedrock, CodeCommit and Amazon Keyspaces (for Apache Cassandra).

You can reset the password to a new service-generated value by calling ResetServiceSpecificCredential.

For more information about service-specific credentials, see Service-specific credentials for IAM users in the IAM User Guide.

See also: AWS API Documentation

Request Syntax

response = client.create_service_specific_credential(
    UserName='string',
    ServiceName='string',
    CredentialAgeDays=123
)

Parameters:

• UserName (string) –

  [REQUIRED]

  The name of the IAM user that is to be associated with the credentials. The new service-specific credentials have the same permissions as the associated user except that they can be used only to access the specified service.

  This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

• ServiceName (string) –

  [REQUIRED]

  The name of the Amazon Web Services service that is to be associated with the credentials. The service you specify here is the only service that can be accessed using these credentials.

• CredentialAgeDays (integer) – The number of days until the service specific credential expires. This field is only valid for Bedrock API keys and must be a positive integer. When not specified, the credential will not expire.

Return type:

dict

Returns:

Response Syntax

{
    'ServiceSpecificCredential': {
        'CreateDate': datetime(2015, 1, 1),
        'ExpirationDate': datetime(2015, 1, 1),
        'ServiceName': 'string',
        'ServiceUserName': 'string',
        'ServicePassword': 'string',
        'ServiceCredentialAlias': 'string',
        'ServiceCredentialSecret': 'string',
        'ServiceSpecificCredentialId': 'string',
        'UserName': 'string',
        'Status': 'Active'|'Inactive'|'Expired'
    }
}

Response Structure

• (dict) –

  • ServiceSpecificCredential (dict) –

    A structure that contains information about the newly created service-specific credential.

    Warning

    This is the only time that the password for this credential set is available. It cannot be recovered later. Instead, you must reset the password with ResetServiceSpecificCredential.

    • CreateDate (datetime) –

      The date and time, in ISO 8601 date-time format, when the service-specific credential were created.

    • ExpirationDate (datetime) –

      The date and time when the service specific credential expires. This field is only present for Bedrock API keys that were created with an expiration period.

    • ServiceName (string) –

      The name of the service associated with the service-specific credential.

    • ServiceUserName (string) –

      The generated user name for the service-specific credential. This value is generated by combining the IAM user’s name combined with the ID number of the Amazon Web Services account, as in jane-at-123456789012, for example. This value cannot be configured by the user.

    • ServicePassword (string) –

      The generated password for the service-specific credential.

    • ServiceCredentialAlias (string) –

      For Bedrock API keys, this is the public portion of the credential that includes the IAM user name and a suffix containing version and creation information.

    • ServiceCredentialSecret (string) –

      For Bedrock API keys, this is the secret portion of the credential that should be used to authenticate API calls. This value is returned only when the credential is created.

    • ServiceSpecificCredentialId (string) –

      The unique identifier for the service-specific credential.

    • UserName (string) –

      The name of the IAM user associated with the service-specific credential.

    • Status (string) –

      The status of the service-specific credential. Active means that the key is valid for API calls, while Inactive means it is not.

Exceptions

• IAM.Client.exceptions.LimitExceededException

• IAM.Client.exceptions.NoSuchEntityException

• IAM.Client.exceptions.ServiceNotSupportedException