Prerequisites to use the Amazon CLI version 2
To access Amazon services with the Amazon CLI, you need an Amazon Web Services account, IAM credentials, and an IAM access key pair. When running Amazon CLI commands, the Amazon CLI needs to have access to those Amazon credentials.
To increase the security of your Amazon account, we recommend that you do not use your root account credentials. You should create an IAM user to provide access credentials to the tasks you'll be running in Amazon.
Topics
Step 1: Sign up to Amazon
If you do not have an Amazon Web Services account, use the following procedure to create one.
To sign up for Amazon Web Services
Open http://www.amazonaws.cn/
and choose Sign Up. Follow the on-screen instructions.
Step 2: Create an IAM account
Secure IAM users
After you sign up for an Amazon Web Services account, safeguard your administrative user by turning on multi-factor authentication (MFA). For instructions, see Enable a virtual MFA device for an IAM user (console) in the IAM User Guide.
To give other users access to your Amazon Web Services account resources, create IAM users. To secure your IAM users, turn on MFA and only give the IAM users the permissions needed to perform their tasks.
For more information about creating and securing IAM users, see the following topics in the IAM User Guide:
Step 3: Create an access key ID and secret access key
For CLI access, you need an access key ID and a secret access key. Use temporary credentials instead of long-term access keys when possible. Temporary credentials include an access key ID, a secret access key, and a security token that indicates when the credentials expire. For more information, see Best practices for managing Amazon access keys in the Amazon General Reference.
Users need programmatic access if they want to interact with Amazon outside of the Amazon Web Services Management Console. The Amazon APIs and the Amazon Command Line Interface require access keys. Whenever possible, create temporary credentials that consist of an access key ID, a secret access key, and a security token that indicates when the credentials expire.
To grant users programmatic access, choose one of the following options.
| Which user needs programmatic access? | To | By |
|---|---|---|
| IAM | Use short-term credentials to sign programmatic requests to the Amazon CLI or Amazon APIs (directly or by using the Amazon SDKs). | Following the instructions in Using temporary credentials with Amazon resources in the IAM User Guide. |
| IAM | Use long-term credentials to sign programmatic requests to the Amazon CLI or Amazon APIs
(directly or by using the Amazon SDKs). (Not recommended) |
Following the instructions in Managing access keys for IAM users in the IAM User Guide. |
Next steps
After creating an Amazon Web Services account, IAM credentials, and an IAM access key pair, to use the Amazon CLI you can do one of the following:
-
Install the latest release of the Amazon CLI version 2 on your computer.
-
Install a past release of the Amazon CLI version 2 on your computer.
-
Access the Amazon CLI version 2 from your computer using a Docker image.
-
Access the Amazon CLI version 2 in the Amazon console from your browser using Amazon CloudShell. For more information see the Amazon CloudShell User Guide.