Create an access key

Now that you know the authentication details associated with your cloud provider’s account, you can create an access key. An access key is a label that stores and makes use of these details once referred to in your property configurations.

You need to align the access key with the authentication method that your properties use when authenticating with cloud providers, as well as the security networks where they are deployed and the special geographic regions where they are allowed to serve traffic.
Important: You can only see an access key identifier and a secret at the time of creating an access key. After you’ve created the access key, you can update these values by creating a version of the access key. Once Cloud Access Manager is enabled, the secret access key is encrypted and will not be visible to Akamai. This may affect the way Akamai works with you to troubleshoot issues.

Before you begin

Determine the level of security provided by the properties for which you wish to activate your access key. Depending on the supported delivery method of your properties, you need to enable the access key on a PCI-compliant or PCI-noncompliant network. For more information on HTTPS delivery options, see Determine the level of security.
Note: You can only create access keys for groups you have access to. See Access key access control.
Note: You are limited to 50 access keys per contract, and 2 versions per key (active, pending activation, or pending deletion). If you reach this limit, you will need to delete an access key version before you can create a new one.

How to

  1. Go to Origin Services > Cloud Access Manager.
  2. In Cloud Access Manager, click New access key.
  3. Provide authentication and security details as follows:
    1. Name: Provide a name for the access key.
      You’ll use this name to search for this key in Cloud Access Manager and to refer to the authentication details store in this access key in the Origin Characteristics behavior of your property.
      Note: You can name your access key only once at the time of creation. With each update of the access key, the system adds a version number to the existing name.
    2. Contract: Select the contract that you want the access key to be available for.
    3. Authentication method: Select the target authentication method that you want to use this access key for.
      You can choose Amazon Web Services or Interoperability Google Cloud Storage.
      Important: The authentication method of an access key must match the authentication method selected in the Origin Characteristics behavior of your property.
    4. Access key ID: Enter an access key identifier associated with your cloud provider’s account.
    5. Secret access key: Enter a secret paired with your access key identifier.
  4. In Network security, specify the level of security of the properties for which you are activating the access key:
    1. Deployment network: Select the type of security network where your properties are allowed to serve traffic:
    • PCI-compliant. Enables the access key on the enhanced secure network that serves PCI-compliant traffic. You can use this access key only with property configurations whose Security Options are set to Enhanced TLS. See Deployment network in the list of key concepts and terms.
      Note: For this option to be available, your contract needs to support serving traffic with Enhanced TLS certificates. To set this option for your contract, contact your account representative.

      Also, you need to provision an Enhanced TLS certificate for hostnames in a property for which you want a PCI-compliant access key to authorize requests.

    • PCI-noncompliant. Enables the access key on the standard secure network that serves secure PCI-noncompliant traffic. If no Standard TLS certificate is present for your property hostnames, this option also supports serving HTTP traffic. You can use this access key with property configurations whose Security Options are set to Standard TLS ready or Enhanced TLS. See Deployment network in the list of key concepts and terms.
  5. Include China: Enable if your certificate allows serving traffic on Akamai's China CDN and you want to use it with a property configuration that has a certificate that allows serving traffic on the China CDN.
    Property configurations on the PCI-noncompliant network serve traffic on the Russia CDN by default.
  6. Include Russia: Enable if your certificate allows serving traffic on Akamai's Russia CDN.
    This option is available only for property configurations that use Enhanced TLS certificates on the PCI-compliant network. Properties that use Standard TLS certificates allow serving traffic on the Russia CDN by default. Note that you can't serve traffic both in Russia and China with properties that use Enhanced TLS certificates.
  7. Click Activate.
    Activating an access key takes up to 10 minutes, after which your access key is active on both staging and production networks. Once this is done, you can reference it in your properties.

Next steps

Configure your property to sign requests with an access key.