Setting up the tools for the walkthroughs - Amazon Simple Storage Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Setting up the tools for the walkthroughs

The introductory examples (see Walkthroughs that use policies to manage access to your Amazon S3 resources) use the Amazon Web Services Management Console to create resources and grant permissions. To test permissions, the examples use the command line tools, Amazon Command Line Interface (Amazon CLI) and Amazon Tools for Windows PowerShell, so you don't need to write any code. To test permissions, you must set up one of these tools.

To set up the Amazon CLI
  1. Download and configure the Amazon CLI. For instructions, see the following topics in the Amazon Command Line Interface User Guide:

    Install or update to the latest version of the Amazon Command Line Interface

    Get started with the Amazon Command Line Interface

  2. Set the default profile.

    You store user credentials in the Amazon CLI config file. Create a default profile in the config file using your Amazon Web Services account credentials. For instructions on finding and editing your Amazon CLI config file, see Configuration and credential file settings.

    [default] aws_access_key_id = access key ID aws_secret_access_key = secret access key region = us-west-2
  3. Verify the setup by entering the following command at the command prompt. Both these commands don't provide credentials explicitly, so the credentials of the default profile are used.

    • Try the help command.

      aws help
    • To get a list of buckets on the configured account, use the aws s3 ls command.

      aws s3 ls

As you go through the walkthroughs, you will create users, and you will save user credentials in the config files by creating profiles, as the following example shows. These profiles have the names of AccountAadmin and AccountBadmin.

[profile AccountAadmin] aws_access_key_id = User AccountAadmin access key ID aws_secret_access_key = User AccountAadmin secret access key region = us-west-2 [profile AccountBadmin] aws_access_key_id = Account B access key ID aws_secret_access_key = Account B secret access key region = us-east-1

To run a command using these user credentials, you add the --profile parameter specifying the profile name. The following Amazon CLI command retrieves a listing of objects in examplebucket and specifies the AccountBadmin profile.

aws s3 ls s3://examplebucket --profile AccountBadmin

Alternatively, you can configure one set of user credentials as the default profile by changing the AWS_DEFAULT_PROFILE environment variable from the command prompt. After you've done this, whenever you perform Amazon CLI commands without the --profile parameter, the Amazon CLI uses the profile you set in the environment variable as the default profile.

$ export AWS_DEFAULT_PROFILE=AccountAadmin
To set up Amazon Tools for Windows PowerShell
  1. Download and configure the Amazon Tools for Windows PowerShell. For instructions, go to Installing the Amazon Tools for Windows PowerShell in the Amazon Tools for Windows PowerShell User Guide.

    Note

    To load the Amazon Tools for Windows PowerShell module, you must enable PowerShell script execution. For more information, see Enable Script Execution in the Amazon Tools for Windows PowerShell User Guide.

  2. For these walkthroughs, you specify Amazon credentials per session using the Set-AWSCredentials command. The command saves the credentials to a persistent store (-StoreAs parameter).

    Set-AWSCredentials -AccessKey AccessKeyID -SecretKey SecretAccessKey -storeas string
  3. Verify the setup.

    • To retrieve a list of available commands that you can use for Amazon S3 operations, run the Get-Command command.

      Get-Command -module awspowershell -noun s3* -StoredCredentials string
    • To retrieve a list of objects in a bucket, run the Get-S3Object command.

      Get-S3Object -BucketName bucketname -StoredCredentials string

For a list of commands, see Amazon Tools for PowerShell Cmdlet Reference.

Now you're ready to try the walkthroughs. Follow the links provided at the beginning of each section.