Setting AWS Credentials

From NovaOrdis Knowledge Base
Revision as of 06:46, 3 October 2021 by Ovidiu (talk | contribs) (→‎Display Identity)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

External

Internal

Display Identity

aws sts get-caller-identity

Procedure

Provision the API access keys for the Amazon IAM user that will use the API. More details about access keys here:

Amazon AWS API Access Keys

Command Line

Access keys can be specified on command line every time an ec2 command is issued, with:

-aws-access-key or -O
--aws-secret-key or -W

Environment Variables

Access keys can be specified by setting the following environment variables:

export AWS_ACCESS_KEY=your-aws-access-key-id 
export AWS_SECRET_KEY=your-aws-secret-key

AWS CLI Configuration with aws configure

AWS CLI Configuration

Java

The AWS SDK attempts to find the AWS credentials using the default credential provider chain implemented by DefaultCredentialProvider. Credentials are looked up in order:

1. Java system properties ('aws.accessKeyId' adn 'aws.secretAccessKey'). The SDK uses SystemPropertyCredentialsProvider to load these credentials.

2. Environment variables (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY). The SDK uses EnvironmentVariableCredentialsProvider for that.

3. The default credential profile file (~/.aws/credentials). The SDK uses ProfileCredentialsProvider for that.

[default]
aws_access_key_id=...
aws_secret_access_key=...

4. Amazon ECS container credentials. These are loaded from the Amazon ECS if the environment variable AWS_CONTAINER_CREDENTIALS_RELATIVE_URI is set. The SDK uses CredentialsProvider for that.

5. Instance profile credentials on Amazon EC2 instances and delivered through EC2 metadata service. The SDK uses InstanceProfileCredentialsProvider for that.

Explicit Credentials

Setting Explicit Credentials for AWS KMS