Setting AWS Credentials

From NovaOrdis Knowledge Base
Revision as of 06:09, 30 November 2018 by Ovidiu (talk | contribs) (→‎Java)
Jump to navigation Jump to search

External

Internal

Procedure

Provision the API access keys for the Amazon IAM user that will use the API. More details about access keys here: Amazon AWS API Access Keys.

Command Line

Access keys can be specified on command line every time an ec2 command is issued, with:

-aws-access-key or -O
--aws-secret-key or -W

Environment Variables

Access keys can be specified by setting the following environment variables:

export AWS_ACCESS_KEY=your-aws-access-key-id 
export AWS_SECRET_KEY=your-aws-secret-key

Java

The AWS SDK attempts to find the AWS credentials using the default credential provider chain implemented by DefaultCredentialProvider. Credentials are looked up in order:

  1. Java system properties: 'aws.accessKeyId' adn 'aws.secretAccessKey'. The SDK uses SystemPropertyCredentialsProvider to load these credentials.

In case the Java process that is performing the call does not have access to the environment, the credentials may be specified in .aws/credentials:

[default]
aws_access_key_id=...
aws_secret_access_key=...


com.uplift.dev.cryptm.CryptoConverterTests > convertToDatabaseColumn_convertToEntityAttribute STANDARD_ERROR
30-Nov-2018 03:46:58	    com.amazonaws.services.kms.model.AWSKMSException: User: arn:aws:sts::144446676909:assumed-role/IamBambooBuildRole/i-07683b7dde59c0696 is not authorized to perform: kms:GenerateDataKey on resource: arn:aws:kms:us-west-2:673499572719:key/0138371a-8054-4c96-9d1f-20a4db2c4ffd (Service:   AWSKMS; Status Code: 400; Error Code: AccessDeniedException; Request ID: 49ba097c-506b-4387-a3a3-7bee0e2e9efd)