‹ Return to How tos

Creating access keys for a bucket in Amazon Lightsail

Last updated: August 17, 2021

Use access keys to create a set of credentials that grant full access to a bucket and its objects. You can configure access keys on your software or plugin so that it can have full read and write access to a bucket using the AWS APIs, and AWS SDKs. You can also configure access keys on the AWS CLI.

Access keys consist of an access key ID and a secret access key as a set. The secret access key is visible only when you create it. If your secret access key is copied, is lost, or becomes compromised, you should delete your access key and create a new one. You can have a maximum of two access keys per bucket. Even though you can have two, having one access key for your bucket is useful when you need to rotate the key. To rotate an access key, create a new one, configure it on your software and test it, and then delete the earlier key. After you delete an access key, it's gone forever and can't be restored. It can only be replaced with a new access key.

For more information about permission options, see Understanding bucket permissions in Amazon Lightsail. For more information about security best practices, see Security Best Practices for Amazon Lightsail object storage. For more information about buckets, see Object storage in Amazon Lightsail.

Create access keys for a bucket

Complete the following procedure to create access keys for a bucket.

  1. Sign in to the Lightsail console.

  2. On the Lightsail home page, choose the Storage tab.

  3. Choose the name of the bucket for which you want to configure access permissions.

  4. Choose the Permissions tab.

    The Access keys section of the page displays the existing access keys for the bucket, if any.

  5. Choose Create access key to create a new access key for the bucket.

    Note

    You can also choose to delete an existing access key by choosing the trash bin icon for the key you want to delete.

  6. In the prompt that appears, choose Yes, create to confirm that you want to create a new access key. Otherwise, choose No, cancel.

  7. In the success prompt that appears, make a note of the access key ID.

  8. Choose Show secret access key to view the secret access key, and make a note of it. The secret access key will not be shown again.

    Important

    Store your access key ID and secret access key in a secure location. If it becomes compromised, you should delete it and create a new one.

  9. Choose Continue to finish.

    The new access key is listed in the Access keys section of the page. If your access key becomes compromised, or lost, delete it and create a new one.

    Note

    The Last used colunmn displayed next to each access key identifies when the key was last used. A dash is displayed when the key has not been used. Expand the access key node to view the service and AWS Region where the key was last used.

Managing buckets and objects in Lightsail

These are the general steps to manage your Lightsail object storage bucket:

  1. Learn about objects and buckets in the Amazon Lightsail object storage service. For more information, see Object storage in Amazon Lightsail.

  2. Learn about the names that you can give your buckets in Amazon Lightsail. For more information, see Bucket naming rules in Amazon Lightsail.

  3. Get started with the Lightsail object storage service by creating a bucket. For more information, see Creating buckets in Amazon Lightsail.

  4. Learn about security best practices for buckets and the access permissions that you can configure for your bucket. You can make all objects in your bucket public or private, or you can choose to make individual objects public. You can also grant access to your bucket by creating access keys, attaching instances to your bucket, and granting access to other AWS accounts. For more information, see Security Best Practices for Amazon Lightsail object storage and Understanding bucket permissions in Amazon Lightsail.

    After learning about bucket access permissions, see the following guides to grant access to your bucket:

  5. Learn how to enable access logging for your bucket, and how to use access logs to audit the security of your bucket. For more information, see the following guides.

  6. Create an IAM policy that grants a user the ability to manage a bucket in Lightsail. For more information, see IAM policy to manage buckets in Amazon Lightsail.

  7. Learn about the way that objects in your bucket are labeled and identified. For more information, see Understanding object key names in Amazon Lightsail.

  8. Learn how to upload files and manage objects in your buckets. For more information, see the following guides.

  9. Enable object versioning to preserve, retrieve, and restore every version of every object stored in your bucket. For more information, see Enabling and suspending object versioning in a bucket in Amazon Lightsail.

  10. After enabling object versioning, you can restore previous versions of objects in your bucket. For more information, see Restoring previous versions of objects in a bucket in Amazon Lightsail.

  11. Monitor the utilization of your bucket. For more information, see Viewing metrics for your bucket in Amazon Lightsail.

  12. Configure an alarm for bucket metrics to be notified when the utilization of your bucket crosses a threshold. For more information, see Creating bucket metric alarms in Amazon Lightsail.

  13. Change the storage plan of your bucket if it's running low on storage and network transfer. For more information, see Changing the plan of your bucket in Amazon Lightsail.

  14. Learn how to connect your bucket to other resources. For more information, see the following tutorials.

  15. Delete your bucket if you're no longer using it. For more information, see Deleting buckets in Amazon Lightsail.