If you are using AWS tools, you probably know about IAM(Identity and Access Management). Generally, it makes it possible to separate uses/roles to manage different services.
The best practice: do not use the root account for daily tasks. Create different IAM roles with limited access instead.
For instance, you have three projects. Therefore, the best way would be to create three users: user1, user2, user3.
- user1 can only manage S3
- user2 can manage EC2 instances and Load Balancer
- user3 can manage RDS
And you want to execute API calls to perform some actions.
Here is my favorite approach for that:
- create
~/.aws/credentialsfile - add sections for each user/profile
[user1]
aws_access_key_id = xxx
aws_secret_access_key = xxx
[user2]
aws_access_key_id = xxx
aws_secret_access_key = xxx
[user3]
aws_access_key_id = xxx
aws_secret_access_key = xxx
- run command with
--profileparam
aws rds create-db-instance --profile user1 ...
Run these commands to see the configurations:
aws configure list
aws configure list --profile user1
cat ~/.aws/credentials
You can also check these super helpful official articles.
Top comments (0)