Setting AWS Credentials: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
No edit summary
Line 10: Line 10:


Provision the API access keys for the Amazon IAM user that will use the API. More details about access keys here: [[Amazon AWS Security Concepts#API_Access_Keys|Amazon AWS API Access Keys]].
Provision the API access keys for the Amazon IAM user that will use the API. More details about access keys here: [[Amazon AWS Security Concepts#API_Access_Keys|Amazon AWS API Access Keys]].
==Command Line==


Access keys can be specified on command line every time an ec2 command is issued, with:
Access keys can be specified on command line every time an ec2 command is issued, with:


<pre>
-aws-access-key or -O
--aws-secret-key or -W
</pre>


or by setting the following environment variables:
-aws-access-key or -O
--aws-secret-key or -W
 
==Environment Variables==
 
Access keys can be specified by setting the following environment variables:


  export AWS_ACCESS_KEY=your-aws-access-key-id  
  export AWS_ACCESS_KEY=your-aws-access-key-id  
  export AWS_SECRET_KEY=your-aws-secret-key
  export AWS_SECRET_KEY=your-aws-secret-key
==Java==


In case the Java process that is performing the call does not have access to the environment, the credentials may be specified in .aws/credentials:
In case the Java process that is performing the call does not have access to the environment, the credentials may be specified in .aws/credentials:
Line 28: Line 33:
  aws_access_key_id=...
  aws_access_key_id=...
  aws_secret_access_key=...
  aws_secret_access_key=...





Revision as of 06:03, 30 November 2018

External

Internal

Procedure

Provision the API access keys for the Amazon IAM user that will use the API. More details about access keys here: Amazon AWS API Access Keys.

Command Line

Access keys can be specified on command line every time an ec2 command is issued, with:


-aws-access-key or -O
--aws-secret-key or -W 

Environment Variables

Access keys can be specified by setting the following environment variables:

export AWS_ACCESS_KEY=your-aws-access-key-id 
export AWS_SECRET_KEY=your-aws-secret-key

Java

In case the Java process that is performing the call does not have access to the environment, the credentials may be specified in .aws/credentials:

[default]
aws_access_key_id=...
aws_secret_access_key=...



https://docs.aws.amazon.com/sdk-for-java/v2/developer-guide/credentials.html
com.uplift.dev.cryptm.CryptoConverterTests > convertToDatabaseColumn_convertToEntityAttribute STANDARD_ERROR
30-Nov-2018 03:46:58	    com.amazonaws.services.kms.model.AWSKMSException: User: arn:aws:sts::144446676909:assumed-role/IamBambooBuildRole/i-07683b7dde59c0696 is not authorized to perform: kms:GenerateDataKey on resource: arn:aws:kms:us-west-2:673499572719:key/0138371a-8054-4c96-9d1f-20a4db2c4ffd (Service:   AWSKMS; Status Code: 400; Error Code: AccessDeniedException; Request ID: 49ba097c-506b-4387-a3a3-7bee0e2e9efd)