In this article we'll be setting up AWS CLI and credentials which is useful when we want to interact with our aws services or resources programmatically.
Before we can install and setup our AWS CLI we will require
So, let's look at how we can get those from the aws console
Note: we will be creating a new IAM user rather than creating access keys on the root aws account which is generally a good practice
Add a new user
Let's start by going over to IAM dashboard and add a new user
Give a user name and allow programmatic access
This is the most important part. Here, we will attach policies that will give the user appropriate access to the AWS services.
For demonstration purposes I've attached a AWS managed policy
It's always good to tag our resources but this is optional.
The user has been created and now we will be able to get our secrets
Note: This is the only time you’ll be able to view the Secret Access Key ID so be sure to write it down or download the CSV.
Our new user was created!
We can install AWS CLI from docs here
Let's configure the CLI for single user
$ aws configure AWS Access Key ID [None]: <Your Access Key ID> AWS Secret Access Key [None]: <Your Secret Access Key ID> Default region name [None]: <Your preferred AWS region> Default output format [None]: json
After the configuration the credentials will be stored at
Here's a list of all the aws regions
Multiple profiles (optional)
Profiles are really helpful if you're working with multiple users/accounts.
$ aws configure --profile xyz
We can switch between profiles using
AWS_PROFILE environment variable.
Note: it is recommended to create a new IAM user with limited permissions and generating access keys for that user instead read more
$ aws configure list Name Value Type Location ---- ----- ---- -------- profile ******** manual --profile access_key *********ABCD shared-credentials-file secret_key *********ABCD shared-credentials-file region <not set> None None
Finally, Let's see if it works!
$ aws s3 ls
If everything is setup correctly, we should see an output.
Now that we've created our aws credentials securely, we can can now use them with AWS CLI or SDK and even terraform!
Thanks for Reading, I hope this was helpful. As always feel free to reach out to me on Twitter if you face any issues!