05-03 Access Keys

Last updated Aug 17, 2023 Edit Source

Access Keys (aka AWS Credentials) is a key and secret required to have programmatic access to AWS resources when interacting with the AWS API outside of the AWS Management Console.

Note

A user must be granted access to use Access Keys

• Never share your access keys
• Never commit access keys to a codebase
• You can have two active Access Keys
• You can deactivate Access Keys
• Access Keys have whatever access a user has to AWS resources.

Access Keys are to be store in ~/.aws/credentials and follow a TOML file format

1
2
3
4
5
6
7

[default]
aws_access_key_id=AKIAIOSFODNNTEXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
[exampro]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
region=ca-central-i

• Default will be the access key used when no profile is specified.
• You can store multiple access keys by giving the profile names. ex. exampro

1
2
3
4
5

$ aws configure
AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
AWS Secret Access Kev [Nonel: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]: us-west-2
Default output format [None]: json

• You can use the aws configure CLI command to populate the credential file.

1
2
3

$ export AWS ACCESS KEY ID=AKIAIOSFODNNTEXAMPLE
$ export AWS SECRET ACCESS KEY=wJalrxUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
$ export AWS DEFAULT REGION=us-west-2

• The AWS SDK will automatically read from these environment variables
• This is the safe way of using an Access Key in your code.