This topic describes how to delete an AccessKey pair of a Resource Access Management (RAM) user. If a RAM user no longer needs to access Alibaba Cloud resources by calling API operations or using other development tools, you can delete an AccessKey pair of the RAM user. RAM supports the recycle bin feature. When you delete the AccessKey pairs of a RAM user, the AccessKey pairs are moved to the recycle bin. Then, the AccessKey pairs are automatically deleted from the recycle bin on a regular basis. You can also manually delete AccessKey pairs from the recycle bin. If you accidentally delete an AccessKey pair, you can manually restore the AccessKey pair. This helps minimize the adverse impacts that are caused by accidental deletion of AccessKey pairs.
Prerequisites
Before you can delete the AccessKey pair of a RAM user, you must disable the AccessKey pair. For more information about how to disable an AccessKey pair, see Disable an AccessKey pair of a RAM user.
Quota
The recycle bin can contain up to three AccessKey pairs of a single RAM user. If the number of AccessKey pairs of a single RAM user in the recycle bin exceeds the limit, the system automatically deletes the earliest AccessKey pairs that are moved to the recycle bin.
Move an AccessKey pair to the recycle bin
After you disable an AccessKey pair, you can move the AccessKey pair to the recycle bin. You can no longer use a disabled AccessKey pair or an AccessKey pair that is in the recycle bin.
Log on to the RAM console as a RAM administrator.
In the left-side navigation pane, choose .
On the Users page, click the username of the RAM user that you want to manage.
In the AccessKey section of the Authentication tab, find the AccessKey pair that you want to manage and click Delete in the Actions column.
In the Delete message, enter the AccessKey ID and click Move to Recycle Bin.
Permanently delete an AccessKey pair
Deletion methods
Automatic deletion: The retention period of AccessKey pairs in the recycle bin is 30 days. If the retention period ends, the system automatically deletes the AccessKey pairs.
Manual deletion: You can manually delete AccessKey pairs from the recycle bin. The following procedure describes how to manually delete an AccessKey pair from the recycle bin.
Impact
If you delete an AccessKey pair from the recycle bin, the AccessKey pair is permanently deleted. You cannot restore information about the AccessKey pair.
Procedure
In the AccessKey Pair Recycle Bin section of the user details page, find the AccessKey pair that you want to manage and click Delete in the Actions column.
In the Delete dialog box, enter the AccessKey ID that you want to delete and click Delete.
Restore an AccessKey pair from the recycle bin
If you accidentally delete an AccessKey pair or if you no longer want to delete the AccessKey pair, you can restore the AccessKey pair from the recycle bin. After you restore an AccessKey pair, the AccessKey pair is enabled. Then, you can use the AccessKey pair to perform operations.
If the RAM user whose AccessKey pair you want to restore is also in the recycle bin, you must restore the RAM user before you can restore the AccessKey pair.
The system restores all information about an AccessKey pair. However, the AccessKey secret is displayed only when the AccessKey pair was created. You cannot query the AccessKey secret.
In the AccessKey Pair Recycle Bin section of the user details page, find the AccessKey pair that you want to manage and click Delete in the Restore column.
In the Restore AccessKey Pair message, click Restore.