Creating and Using AWS Access Keys with the AWS CLI
Access keys are crucial for securely accessing AWS services via the CLI or programmatically. This guide walks you through creating and configuring access keys, as well as using the CLI to interact with AWS resources.
Step 1: Create Access Keys
- Navigate to Security Credentials:
- Log in to the AWS Management Console.
- Click on your username (e.g., Stephane) in the top-right corner.
- Select Security Credentials from the dropdown.
- Scroll to Access Keys:
- Scroll down to the Access Keys section.
- Click on Create Access Key.
- Choose Usage Scenarios:
- AWS may provide recommendations based on the intended use of the access key. For example:
- CLI: Use CloudShell or IAM Identity Center for enhanced security (optional).
- Code: Use these keys for applications running outside or inside AWS.
- Acknowledge the recommendations by clicking I understand the above recommendations.
- Create the Access Key:
- Confirm your selection to generate an Access Key ID and Secret Access Key.
- Important: This is the only time the secret key will be visible. Save it securely.
Step 2: Configure AWS CLI with Access Keys
-
Open a Terminal:
- Launch your terminal (Command Prompt, PowerShell, or a terminal app like iTerm on macOS).
-
Run the Configuration Command:
-
Provide the Required Details:
- Access Key ID: Enter the Access Key ID you created.
- Secret Access Key: Enter the corresponding Secret Access Key.
- Default Region: Choose the AWS region closest to you. For example:
- Region Name:
eu-west-1 (Ireland).
- You can find the region codes in the AWS Management Console dropdown or AWS documentation.
- Default Output Format: Press Enter to leave it as the default (
json).
-
Verify Configuration:
Step 3: Permissions and the CLI
Understanding Permissions
- The CLI permissions match those assigned to the user in the AWS Management Console.
- If your user does not have specific permissions, commands executed via the CLI will fail.
Example of Permission Behavior