diff --git a/builtin/providers/aws/resource_aws_api_gateway_api_key.go b/builtin/providers/aws/resource_aws_api_gateway_api_key.go
index fe606a5e0..24fc04519 100644
--- a/builtin/providers/aws/resource_aws_api_gateway_api_key.go
+++ b/builtin/providers/aws/resource_aws_api_gateway_api_key.go
@@ -68,6 +68,15 @@ func resourceAwsApiGatewayApiKey() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+
+			"value": {
+				Type:         schema.TypeString,
+				Optional:     true,
+				Computed:     true,
+				ForceNew:     true,
+				Sensitive:    true,
+				ValidateFunc: validateApiGatewayApiKeyValue,
+			},
 		},
 	}
 }
@@ -80,6 +89,7 @@ func resourceAwsApiGatewayApiKeyCreate(d *schema.ResourceData, meta interface{})
 		Name:        aws.String(d.Get("name").(string)),
 		Description: aws.String(d.Get("description").(string)),
 		Enabled:     aws.Bool(d.Get("enabled").(bool)),
+		Value:       aws.String(d.Get("value").(string)),
 		StageKeys:   expandApiGatewayStageKeys(d),
 	})
 	if err != nil {
@@ -96,7 +106,8 @@ func resourceAwsApiGatewayApiKeyRead(d *schema.ResourceData, meta interface{}) e
 	log.Printf("[DEBUG] Reading API Gateway API Key: %s", d.Id())
 
 	apiKey, err := conn.GetApiKey(&apigateway.GetApiKeyInput{
-		ApiKey: aws.String(d.Id()),
+		ApiKey:       aws.String(d.Id()),
+		IncludeValue: aws.Bool(true),
 	})
 	if err != nil {
 		if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "NotFoundException" {
@@ -111,6 +122,7 @@ func resourceAwsApiGatewayApiKeyRead(d *schema.ResourceData, meta interface{}) e
 	d.Set("description", apiKey.Description)
 	d.Set("enabled", apiKey.Enabled)
 	d.Set("stage_key", flattenApiGatewayStageKeys(apiKey.StageKeys))
+	d.Set("value", apiKey.Value)
 
 	if err := d.Set("created_date", apiKey.CreatedDate.Format(time.RFC3339)); err != nil {
 		log.Printf("[DEBUG] Error setting created_date: %s", err)
diff --git a/builtin/providers/aws/resource_aws_api_gateway_api_key_test.go b/builtin/providers/aws/resource_aws_api_gateway_api_key_test.go
index cafb890ea..a7d519ae6 100644
--- a/builtin/providers/aws/resource_aws_api_gateway_api_key_test.go
+++ b/builtin/providers/aws/resource_aws_api_gateway_api_key_test.go
@@ -33,6 +33,8 @@ func TestAccAWSAPIGatewayApiKey_basic(t *testing.T) {
 						"aws_api_gateway_api_key.test", "created_date"),
 					resource.TestCheckResourceAttrSet(
 						"aws_api_gateway_api_key.test", "last_updated_date"),
+					resource.TestCheckResourceAttr(
+						"aws_api_gateway_api_key.custom", "value", "MyCustomToken#@&\"'(§!ç)-_*$€¨^£%ù+=/:.;?,|"),
 				),
 			},
 		},
@@ -176,4 +178,15 @@ resource "aws_api_gateway_api_key" "test" {
     stage_name = "${aws_api_gateway_deployment.test.stage_name}"
   }
 }
+
+resource "aws_api_gateway_api_key" "custom" {
+  name = "bar"
+  enabled = true
+  value = "MyCustomToken#@&\"'(§!ç)-_*$€¨^£%ù+=/:.;?,|"
+
+  stage_key {
+    rest_api_id = "${aws_api_gateway_rest_api.test.id}"
+    stage_name = "${aws_api_gateway_deployment.test.stage_name}"
+  }
+}
 `
diff --git a/builtin/providers/aws/validators.go b/builtin/providers/aws/validators.go
index 03d2b3943..a8f9c66cf 100644
--- a/builtin/providers/aws/validators.go
+++ b/builtin/providers/aws/validators.go
@@ -964,7 +964,19 @@ func validateAccountAlias(v interface{}, k string) (ws []string, es []error) {
 	if strings.HasSuffix(val, "-") {
 		es = append(es, fmt.Errorf("%q must not end in a hyphen", k))
 	}
+	return
+}
 
+func validateApiGatewayApiKeyValue(v interface{}, k string) (ws []string, errors []error) {
+	value := v.(string)
+	if len(value) < 30 {
+		errors = append(errors, fmt.Errorf(
+			"%q must be at least 30 characters long", k))
+	}
+	if len(value) > 128 {
+		errors = append(errors, fmt.Errorf(
+			"%q cannot be longer than 128 characters", k))
+	}
 	return
 }
 
diff --git a/website/source/docs/providers/aws/r/api_gateway_api_key.html.markdown b/website/source/docs/providers/aws/r/api_gateway_api_key.html.markdown
index ad537cfd6..c57c081f3 100644
--- a/website/source/docs/providers/aws/r/api_gateway_api_key.html.markdown
+++ b/website/source/docs/providers/aws/r/api_gateway_api_key.html.markdown
@@ -39,6 +39,7 @@ The following arguments are supported:
 * `name` - (Required) The name of the API key
 * `description` - (Optional) The API key description. Defaults to "Managed by Terraform".
 * `enabled` - (Optional) Specifies whether the API key can be used by callers. Defaults to `true`.
+* `value` - (Optional) The value of the API key. If not specified, it will be automatically generated by AWS on creation.
 * `stage_key` - (Optional) A list of stage keys associated with the API key - see below
 
 `stage_key` block supports the following:
@@ -53,6 +54,7 @@ The following attributes are exported:
 * `id` - The ID of the API key
 * `created_date` - The creation date of the API key
 * `last_updated_date` - The last update date of the API key
+* `value` - The value of the API key
 
 
 ## Import