In this article we'll be setting up AWS CLI and credentials which is useful when we want to interact with our aws services or resources programmatically.
Setting up AWS Credentials
Before we can install and setup our AWS CLI we will require AWS_ACCESS_KEY_ID
and AWS_SECRET_ACCESS_KEY
.
So, let's look at how we can get those from the aws console
Note: we will be creating a new IAM user rather than creating access keys on the root aws account which is generally a good practice
Add a new user
Let's start by going over to IAM dashboard and add a new user
Give a user name and allow programmatic access
Attach policies
This is the most important part. Here, we will attach policies that will give the user appropriate access to the AWS services.
For demonstration purposes I've attached a AWS managed policy AmazonS3FullAccess
Tags (optional)
It's always good to tag our resources but this is optional.
Review
Let's give it a final review and then click Create user
Secrets
The user has been created and now we will be able to get our secrets
Note: This is the only time you’ll be able to view the Secret Access Key ID so be sure to write it down or download the CSV.
Our new user was created!
Install AWS CLI
We can install AWS CLI from docs here
Configure AWS CLI
Let's configure the CLI for single user
Single user
$ aws configure
AWS Access Key ID [None]: <Your Access Key ID>
AWS Secret Access Key [None]: <Your Secret Access Key ID>
Default region name [None]: <Your preferred AWS region>
Default output format [None]: json
After the configuration the credentials will be stored at ~/.aws/credentials
Here's a list of all the aws regions
Multiple profiles (optional)
Profiles are really helpful if you're working with multiple users/accounts.
$ aws configure --profile xyz
We can switch between profiles using AWS_PROFILE
environment variable.
For example: export AWS_PROFILE=xyz
Note: it is recommended to create a new IAM user with limited permissions and generating access keys for that user instead read more
$ aws configure list
Name Value Type Location
---- ----- ---- --------
profile ******** manual --profile
access_key *********ABCD shared-credentials-file
secret_key *********ABCD shared-credentials-file
region <not set> None None
Finally, Let's see if it works!
$ aws s3 ls
If everything is setup correctly, we should see an output.
Next steps
Now that we've created our aws credentials securely, we can can now use them with AWS CLI or SDK and even terraform!
Thanks for Reading, I hope this was helpful. As always feel free to reach out to me on Twitter if you face any issues!
Top comments (0)