Setting AWS Credentials: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
Line 28: Line 28:
==Java==
==Java==


The AWS SDK attempts to find the AWS credentials using the default credential provider chain implemented by [https://sdk.amazonaws.com/java/api/2.0.0-preview-11/index.html?software/amazon/awssdk/auth/credentials/DefaultCredentialsProvider.html DefaultCredentialProvider]. Credentials are looked up in order:
The AWS SDK attempts to find the AWS credentials using the default credential provider chain implemented by [https://sdk.amazonaws.com/java/api/2.0.0-preview-11/software/amazon/awssdk/auth/credentials/DefaultCredentialsProvider.html DefaultCredentialProvider]. Credentials are looked up in order:


# Java system properties: 'aws.accessKeyId' adn 'aws.secretAccessKey'. The SDK uses [https://sdk.amazonaws.com/java/api/2.0.0-preview-11/index.html?software/amazon/awssdk/auth/credentials/SystemPropertyCredentialsProvider.html SystemPropertyCredentialsProvider] to load these credentials.
# Java system properties: 'aws.accessKeyId' adn 'aws.secretAccessKey'. The SDK uses [https://sdk.amazonaws.com/java/api/2.0.0-preview-11/index.html?software/amazon/awssdk/auth/credentials/SystemPropertyCredentialsProvider.html SystemPropertyCredentialsProvider] to load these credentials.

Revision as of 06:09, 30 November 2018

External

Internal

Procedure

Provision the API access keys for the Amazon IAM user that will use the API. More details about access keys here: Amazon AWS API Access Keys.

Command Line

Access keys can be specified on command line every time an ec2 command is issued, with:

-aws-access-key or -O
--aws-secret-key or -W

Environment Variables

Access keys can be specified by setting the following environment variables:

export AWS_ACCESS_KEY=your-aws-access-key-id 
export AWS_SECRET_KEY=your-aws-secret-key

Java

The AWS SDK attempts to find the AWS credentials using the default credential provider chain implemented by DefaultCredentialProvider. Credentials are looked up in order:

  1. Java system properties: 'aws.accessKeyId' adn 'aws.secretAccessKey'. The SDK uses SystemPropertyCredentialsProvider to load these credentials.

In case the Java process that is performing the call does not have access to the environment, the credentials may be specified in .aws/credentials:

[default]
aws_access_key_id=...
aws_secret_access_key=...


com.uplift.dev.cryptm.CryptoConverterTests > convertToDatabaseColumn_convertToEntityAttribute STANDARD_ERROR
30-Nov-2018 03:46:58	    com.amazonaws.services.kms.model.AWSKMSException: User: arn:aws:sts::144446676909:assumed-role/IamBambooBuildRole/i-07683b7dde59c0696 is not authorized to perform: kms:GenerateDataKey on resource: arn:aws:kms:us-west-2:673499572719:key/0138371a-8054-4c96-9d1f-20a4db2c4ffd (Service:   AWSKMS; Status Code: 400; Error Code: AccessDeniedException; Request ID: 49ba097c-506b-4387-a3a3-7bee0e2e9efd)