Setting up aws Client credentials for locally executing programs and running CLI commands
Creating user with Programmatic access:
While running programs locally, the program should have access to aws Client credentials so that the Program can use it to access aws resources such as DynamoDB, SQS etc. While creating new User one has to specify the user is being granted 'Programmatic access' so that "access_key" and "secret_key" will be generated. This could be used for aws cli, SDK etc.
Client credentials:
- Client credentials goes to a file in the home directory, In Unix based systems it's at ~/.aws and the file name is credentials
- Sample content of ~/.aws/credentials
[default]
aws_access_key_id=AKIAIOSFEXUSEREXAMPLEaws_secret_access_key=wJalrKJDLFJ78EMI/K7MDENG/bPxRfiCYEXAMPLEKEY
[user1]
aws_access_key_id=AKIAI44QH8JFIOHDFBEXAMPLE
aws_secret_access_key=je7MtGbClwBF/2Zp9UDFKJh3yCo8nvbEXAMPLEKEY- The first line is the profile name within square bracket
aws region configuration:
- aws region information goes to a file in the same directory (~/.aws) and the file name is config (no extension)
- Sample content of ~/.aws/config
[default]region=us-west-2output=json[profile user1]region=us-east-1output=text
- Note the prefix 'profile' before the 'user1' this is needed in config file and it would be simply 'user1' in credentials file
Aws cli assume default profile while running cli command, if you want to use different user profile then mention profile name
aws dynamodb describe-table --profile user1 --table-name songs
No comments:
Post a Comment