Authenticate with short-term credentials - Amazon Command Line Interface
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Authenticate with short-term credentials

We recommend configuring your SDK or tool to use IAM Identity Center authentication with extended session duration options. However, you can copy and use temporary credentials that are available in the Amazon access portal. New credentials will need to be copied when these expire. You can use the temporary credentials in a profile or use them as values for system properties and environment variables.

  1. Sign in to the Amazon access portal.

  2. Follow these instructions to copy IAM role credentials from the Amazon access portal.

    1. For step 2 in the linked instructions, choose the Amazon account and IAM role name that grants access for your development needs. This role typically has a name like PowerUserAccess or Developer.

    2. For step 4, select the Add a profile to your Amazon credentials file option and copy the contents.

  3. Create or open the shared credentials file. This file is ~/.aws/credentials on Linux and macOS systems, and %USERPROFILE%\.aws\credentials on Windows. For more information, see Configuration and credential file settings.

  4. Add the following text to the shared credentials file. Replace the sample values with the credentials you copied.

    [default] aws_access_key_id = AKIAIOSFODNN7EXAMPLE aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY aws_session_token = IQoJb3JpZ2luX2IQoJb3JpZ2luX2IQoJb3JpZ2luX2IQoJb3JpZ2luX2IQoJb3JpZVERYLONGSTRINGEXAMPLE
  5. Add your preferred default region and format to the shared config file.

    [default] region=us-west-2 output=json [profile user1] region=us-east-1 output=text

When the SDK creates a service client, it will access these temporary credentials and use them for each request. The settings for the IAM role chosen in step 2a determine how long the temporary credentials are valid. The maximum duration is twelve hours.

Repeat these steps each time your credentials expire.