As part of our ongoing efforts to help keep your resources secure, on April 21, 2014 AWS will remove the ability to retrieve existing secret access keys for your AWS (root) account. Secret access keys are, as the name implies, secrets, like your password. Just as AWS doesn’t allow you to retrieve your password if you forget it, you will no longer be able to retrieve the secret access keys for your root account. This is (and always has been) the case with secret access keys for IAM users.
For more information about this change, see last year’s blog post “Where’s my secret access key?“ where we first announced that this change was coming and introduced the new AWS security credentials page in the AWS Management Console.
What do you need to do? If you haven't done so already, visit the legacy security credentials page to retrieve the access key (or keys) for your account before April 21, 2014. After that, you will still be able to rotate access keys, but not retrieve pre-existing secret access keys.
You can always create a new access key if necessary, just like you can create a new password if you forget your current one. But we recommend that you create an IAM user with access keys, instead of having access keys for your root account because root access keys allow full access to all resources in your AWS account. We’ve seen a couple cases where customers accidentally uploaded their root access keys to public code repositories, so we recommend minimizing your security surface area by deleting (or not creating) root access keys altogether. Check out the Best Practices for Managing AWS Access Keys topic in the AWS documentation, which contains our recommendations for securing your access keys. This is accompanied by step-by-step instructions for Managing Access Keys for your AWS Account.