Setting AWS Credentials: Difference between revisions

From NovaOrdis Knowledge Base
Line 34: Line 34:
2. '''Environment variables''' (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY). The SDK uses [https://sdk.amazonaws.com/java/api/2.0.0-preview-11/software/amazon/awssdk/auth/credentials/EnvironmentVariableCredentialsProvider.html EnvironmentVariableCredentialsProvider] for that.
2. '''Environment variables''' (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY). The SDK uses [https://sdk.amazonaws.com/java/api/2.0.0-preview-11/software/amazon/awssdk/auth/credentials/EnvironmentVariableCredentialsProvider.html EnvironmentVariableCredentialsProvider] for that.


3. '''The default credential profile file''' (~/.aws/credentials). The SDK uses [
3. '''The default credential profile file''' (~/.aws/credentials). The SDK uses [https://sdk.amazonaws.com/java/api/2.0.0-preview-11/software/amazon/awssdk/auth/credentials/ProfileCredentialsProvider.html ProfileCredentialsProvider] for that.
 
In case the Java process that is performing the call does not have access to the environment, the credentials may be specified in .aws/credentials:


  [default]
  [default]
Line 42: Line 40:
  aws_secret_access_key=...
  aws_secret_access_key=...


4. '''Amazon ECS container credentials'''. These are loaded from the Amazon ECS if the environment variable AWS_CONTAINER_CREDENTIALS_RELATIVE_URI is set. The SDK uses [https://sdk.amazonaws.com/java/api/2.0.0-preview-11/software/amazon/awssdk/auth/credentials/ContainerCredentialsProvider.html CredentialsProvider] for that.


com.uplift.dev.cryptm.CryptoConverterTests > convertToDatabaseColumn_convertToEntityAttribute STANDARD_ERROR
5. '''Instance profile credentials''' on Amazon EC2 instances and delivered through EC2 metadata service. The SDK uses [https://sdk.amazonaws.com/java/api/2.0.0-preview-11/software/amazon/awssdk/auth/credentials/InstanceProfileCredentialsProvider.html InstanceProfileCredentialsProvider] for that.
30-Nov-2018 03:46:58     com.amazonaws.services.kms.model.AWSKMSException: User: arn:aws:sts::144446676909:assumed-role/IamBambooBuildRole/i-07683b7dde59c0696 is not authorized to perform: kms:GenerateDataKey on resource: arn:aws:kms:us-west-2:673499572719:key/0138371a-8054-4c96-9d1f-20a4db2c4ffd (Service:  AWSKMS; Status Code: 400; Error Code: AccessDeniedException; Request ID: 49ba097c-506b-4387-a3a3-7bee0e2e9efd)
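Review bot: in item 4 the link label is CredentialsProvider but its target is ContainerCredentialsProvider.html; label it ContainerCredentialsProvider so it names the class, as items 2, 3 and 5 do. The AWSKMSException log lines in this hunk carry account IDs, a role ARN and a KMS key ARN; keep such output out of the page, or redact the identifiers if the error itself is worth documenting.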

Revision as of 06:15, 30 November 2018

External

Internal

Procedure

Provision the API access keys for the Amazon IAM user that will use the API. More details about access keys here: Amazon AWS API Access Keys.

Command Line

Access keys can be specified on the command line every time an ec2 command is issued, with:

--aws-access-key or -O
--aws-secret-key or -W

Environment Variables

Access keys can be specified by setting the following environment variables:

export AWS_ACCESS_KEY=your-aws-access-key-id 
export AWS_SECRET_KEY=your-aws-secret-key

Java

The AWS SDK attempts to find the AWS credentials using the default credential provider chain implemented by DefaultCredentialsProvider. Credentials are looked up in the following order:

1. Java system properties ('aws.accessKeyId' and 'aws.secretAccessKey'). The SDK uses SystemPropertyCredentialsProvider to load these credentials.

2. Environment variables (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY). The SDK uses EnvironmentVariableCredentialsProvider for that.

3. The default credential profile file (~/.aws/credentials). The SDK uses ProfileCredentialsProvider for that.

[default]
aws_access_key_id=...
aws_secret_access_key=...

4. Amazon ECS container credentials. These are loaded from Amazon ECS if the environment variable AWS_CONTAINER_CREDENTIALS_RELATIVE_URI is set. The SDK uses ContainerCredentialsProvider for that.

5. Instance profile credentials on Amazon EC2 instances and delivered through EC2 metadata service. The SDK uses InstanceProfileCredentialsProvider for that.
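
An added example, not code from the original page: the class below queries each of the five sources above separately, in the listed order, and reports which one would win, printing only a masked access key ID. It assumes the generally available AWS SDK for Java 2.x API (the create()/builder() factories and resolveCredentials()), which may differ from the 2.0.0-preview-11 build; the class name CredentialSourceReport is hypothetical.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import software.amazon.awssdk.auth.credentials.AwsCredentials;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.ContainerCredentialsProvider;
import software.amazon.awssdk.auth.credentials.EnvironmentVariableCredentialsProvider;
import software.amazon.awssdk.auth.credentials.InstanceProfileCredentialsProvider;
import software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider;
import software.amazon.awssdk.auth.credentials.SystemPropertyCredentialsProvider;

// Added example (hypothetical class name): shows which credential source is
// present on this host and which one the lookup order above would select.
public class CredentialSourceReport {

    // Reveal only the last four characters of the access key ID; the secret
    // access key is never read or printed.
    static String mask(String accessKeyId) {
        int n = accessKeyId.length();
        return n <= 4 ? "****" : "****" + accessKeyId.substring(n - 4);
    }

    public static void main(String[] args) {
        // LinkedHashMap keeps insertion order, i.e. the lookup order listed above.
        Map<String, AwsCredentialsProvider> sources = new LinkedHashMap<>();
        sources.put("1. Java system properties", SystemPropertyCredentialsProvider.create());
        sources.put("2. Environment variables", EnvironmentVariableCredentialsProvider.create());
        sources.put("3. ~/.aws/credentials [default]", ProfileCredentialsProvider.create());
        sources.put("4. ECS container credentials", ContainerCredentialsProvider.builder().build());
        sources.put("5. EC2 instance profile", InstanceProfileCredentialsProvider.create());

        String winner = null;
        for (Map.Entry<String, AwsCredentialsProvider> source : sources.entrySet()) {
            try {
                AwsCredentials c = source.getValue().resolveCredentials();
                System.out.printf("%-34s present (key id %s)%n", source.getKey(), mask(c.accessKeyId()));
                if (winner == null) {
                    winner = source.getKey();   // first hit wins; later hits are shadowed
                }
            } catch (RuntimeException e) {
                // A provider throws when its source is absent or unreachable.
                System.out.printf("%-34s not available%n", source.getKey());
            }
        }
        System.out.println(winner == null
                ? "No credentials found in any source"
                : "Lookup order selects: " + winner);
    }
}
```

A source reported as present below the selected one is shadowed: for example, a long-lived key left in the environment takes precedence over the instance profile role. Off EC2, the instance profile check may pause briefly while the metadata request times out.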