Setting AWS Credentials: Difference between revisions
Jump to navigation
Jump to search
(→Java) |
|||
| (12 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
=External= | =External= | ||
* https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html | |||
* https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html#credentials-file-format | * https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html#credentials-file-format | ||
* https://docs.aws.amazon.com/sdk-for-java/v2/developer-guide/credentials.html | * https://docs.aws.amazon.com/sdk-for-java/v2/developer-guide/credentials.html | ||
| Line 5: | Line 6: | ||
=Internal= | =Internal= | ||
* [[ | * [[Amazon_AWS_Security_Concepts#Credential_Providers|AWS Security Concepts]] | ||
* [[AWS Security Operations#Setting_AWS_Credentials|AWS Security Operations]] | |||
* [[AWS_SDK_for_Java_Concepts#Working_with_AWS_Credentials|AWS SDK for Java Concepts]] | * [[AWS_SDK_for_Java_Concepts#Working_with_AWS_Credentials|AWS SDK for Java Concepts]] | ||
=Display Identity= | |||
<font size=-1> | |||
[[AWS_Security_Operations#IAM_Information|aws sts get-caller-identity]] | |||
</font> | |||
=Procedure= | =Procedure= | ||
Provision the API access keys for the Amazon IAM user that will use the API. More details about access keys here: | Provision the API access keys for the Amazon IAM user that will use the API. More details about access keys here: {{Internal|Amazon AWS Security Concepts#API_Access_Keys|Amazon AWS API Access Keys}} | ||
==Command Line== | ==Command Line== | ||
Access keys can be specified on command line every time an ec2 command is issued, with: | Access keys can be specified on command line every time an ec2 command is issued, with: | ||
<font size=-1> | |||
-aws-access-key or -O | -aws-access-key or -O | ||
--aws-secret-key or -W | --aws-secret-key or -W | ||
</font> | |||
==Environment Variables== | ==Environment Variables== | ||
Access keys can be specified by setting the following environment variables: | Access keys can be specified by setting the following environment variables: | ||
<font size=-1> | |||
export AWS_ACCESS_KEY=your-aws-access-key-id | export AWS_ACCESS_KEY=your-aws-access-key-id | ||
export AWS_SECRET_KEY=your-aws-secret-key | export AWS_SECRET_KEY=your-aws-secret-key | ||
</font> | |||
==<span id='aws_configure'></span>AWS CLI Configuration with <tt>aws configure</tt>== | |||
{{Internal|AWS_CLI#Configuration|AWS CLI Configuration}} | |||
==Java== | ==Java== | ||
| Line 35: | Line 45: | ||
3. '''The default credential profile file''' (~/.aws/credentials). The SDK uses [https://sdk.amazonaws.com/java/api/2.0.0-preview-11/software/amazon/awssdk/auth/credentials/ProfileCredentialsProvider.html ProfileCredentialsProvider] for that. | 3. '''The default credential profile file''' (~/.aws/credentials). The SDK uses [https://sdk.amazonaws.com/java/api/2.0.0-preview-11/software/amazon/awssdk/auth/credentials/ProfileCredentialsProvider.html ProfileCredentialsProvider] for that. | ||
<font size=-1> | |||
[default] | [default] | ||
aws_access_key_id=... | aws_access_key_id=... | ||
aws_secret_access_key=... | aws_secret_access_key=... | ||
</font> | |||
4. '''Amazon ECS container credentials'''. These are loaded from the Amazon ECS if the environment variable AWS_CONTAINER_CREDENTIALS_RELATIVE_URI is set. The SDK uses [https://sdk.amazonaws.com/java/api/2.0.0-preview-11/software/amazon/awssdk/auth/credentials/ContainerCredentialsProvider.html CredentialsProvider] for that. | 4. '''Amazon ECS container credentials'''. These are loaded from the Amazon ECS if the environment variable AWS_CONTAINER_CREDENTIALS_RELATIVE_URI is set. The SDK uses [https://sdk.amazonaws.com/java/api/2.0.0-preview-11/software/amazon/awssdk/auth/credentials/ContainerCredentialsProvider.html CredentialsProvider] for that. | ||
5. '''Instance profile credentials''' on Amazon EC2 instances and delivered through EC2 metadata service. The SDK uses [https://sdk.amazonaws.com/java/api/2.0.0-preview-11/software/amazon/awssdk/auth/credentials/InstanceProfileCredentialsProvider.html InstanceProfileCredentialsProvider] for that. | 5. '''Instance profile credentials''' on Amazon EC2 instances and delivered through EC2 metadata service. The SDK uses [https://sdk.amazonaws.com/java/api/2.0.0-preview-11/software/amazon/awssdk/auth/credentials/InstanceProfileCredentialsProvider.html InstanceProfileCredentialsProvider] for that. | ||
===Explicit Credentials=== | |||
{{Internal|AWS_KMS_API#Setting_Explicit_Credentials|Setting Explicit Credentials for AWS KMS}} | |||
Latest revision as of 06:46, 3 October 2021
External
- https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html
- https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html#credentials-file-format
- https://docs.aws.amazon.com/sdk-for-java/v2/developer-guide/credentials.html
Internal
Display Identity
aws sts get-caller-identity
Procedure
Provision the API access keys for the Amazon IAM user that will use the API. More details about access keys here:
Command Line
Access keys can be specified on command line every time an ec2 command is issued, with:
-aws-access-key or -O --aws-secret-key or -W
Environment Variables
Access keys can be specified by setting the following environment variables:
export AWS_ACCESS_KEY=your-aws-access-key-id export AWS_SECRET_KEY=your-aws-secret-key
AWS CLI Configuration with aws configure
Java
The AWS SDK attempts to find the AWS credentials using the default credential provider chain implemented by DefaultCredentialProvider. Credentials are looked up in order:
1. Java system properties ('aws.accessKeyId' adn 'aws.secretAccessKey'). The SDK uses SystemPropertyCredentialsProvider to load these credentials.
2. Environment variables (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY). The SDK uses EnvironmentVariableCredentialsProvider for that.
3. The default credential profile file (~/.aws/credentials). The SDK uses ProfileCredentialsProvider for that.
[default] aws_access_key_id=... aws_secret_access_key=...
4. Amazon ECS container credentials. These are loaded from the Amazon ECS if the environment variable AWS_CONTAINER_CREDENTIALS_RELATIVE_URI is set. The SDK uses CredentialsProvider for that.
5. Instance profile credentials on Amazon EC2 instances and delivered through EC2 metadata service. The SDK uses InstanceProfileCredentialsProvider for that.