Is awsaccesskeyid a secret?

340    Asked by AndrewJenkins in Cyber Security , Asked on Sep 23, 2022

AWS's "Secret Key" is (obviously) a secret, but should an "Access Key" alone (without the corresponding secret key) be considered a secret too?

Answered by Ankit yadav

While the AWSAccessKeyID is like a username (and the Secret Access Key is like a password), the Access Key ID is also designed to be shared and AWS does this explicitly with the AWS Pre Signed Object URL feature as mentioned by John Hanley in a previous comment. This is an expanded response.

AWS Pre Signed Object URLs are shareable links designed to be given to non-authenticated users. The following is a description of AWS Pre Signed Object URLs from AWS docs:

All objects by default are private. Only the object owner has permission to access these objects. However, the object owner can optionally share objects with others by creating a pre-signed URL, using their own security credentials, to grant time-limited permission to download the objects.


AWS documentation has a lot of code to create the URLs but I couldn't find example URLs. An example Pre Signed Object URL is available in the following CloudBerry Lab guide showing 3 query string parameters including AWSAccessKeyId, Signature and Expires.

Guide: "Using Amazon S3 Pre-Signed URLs for Temporary Object Access"

Guide URL:

Your Answer


Parent Categories