Setting AWS Credentials
External
- https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html
- https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html#credentials-file-format
- https://docs.aws.amazon.com/sdk-for-java/v2/developer-guide/credentials.html
Internal
Display Identity
aws sts get-caller-identity
Procedure
Provision the API access keys for the Amazon IAM user that will use the API. More details about access keys here:
Command Line
Access keys can be specified on command line every time an ec2 command is issued, with:
-aws-access-key or -O --aws-secret-key or -W
Environment Variables
Access keys can be specified by setting the following environment variables:
export AWS_ACCESS_KEY=your-aws-access-key-id export AWS_SECRET_KEY=your-aws-secret-key
AWS CLI Configuration with aws configure
Java
The AWS SDK attempts to find the AWS credentials using the default credential provider chain implemented by DefaultCredentialProvider. Credentials are looked up in order:
1. Java system properties ('aws.accessKeyId' adn 'aws.secretAccessKey'). The SDK uses SystemPropertyCredentialsProvider to load these credentials.
2. Environment variables (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY). The SDK uses EnvironmentVariableCredentialsProvider for that.
3. The default credential profile file (~/.aws/credentials). The SDK uses ProfileCredentialsProvider for that.
[default] aws_access_key_id=... aws_secret_access_key=...
4. Amazon ECS container credentials. These are loaded from the Amazon ECS if the environment variable AWS_CONTAINER_CREDENTIALS_RELATIVE_URI is set. The SDK uses CredentialsProvider for that.
5. Instance profile credentials on Amazon EC2 instances and delivered through EC2 metadata service. The SDK uses InstanceProfileCredentialsProvider for that.