This documentation is for Version 1 of the Amazon CLI only. For documentation related to Version 2 of the Amazon CLI, see the Version 2 User Guide.
Authenticating with short-term credentials for the Amazon CLI
We recommend configuring your SDK or tool to use IAM Identity Center authentication.
- Follow these instructions to copy IAM role credentials from the Amazon access portal.
  - For step 2 in the linked instructions, choose the Amazon account and IAM role name that grants access for your development needs. This role typically has a name like PowerUserAccess or Developer.
  - For step 4, select the Add a profile to your Amazon credentials file option and copy the contents.
- Create or open the shared credentials file. This file is ~/.aws/credentials on Linux and macOS systems, and %USERPROFILE%\.aws\credentials on Windows. For more information, see Configuration and credential file settings in the Amazon CLI.
- Add the following text to the shared credentials file. Replace the sample values with the credentials you copied.

      [default]
      aws_access_key_id = AKIAIOSFODNN7EXAMPLE
      aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
      aws_session_token = IQoJb3JpZ2luX2IQoJb3JpZ2luX2IQoJb3JpZ2luX2IQoJb3JpZ2luX2IQoJb3JpZVERYLONGSTRINGEXAMPLE

- Add your preferred default region and format to the shared config file.

      [default]
      region=us-west-2
      output=json

      [profile user1]
      region=us-east-1
      output=text
When the SDK creates a service client, it will access these temporary credentials and use them for each request. The settings for the IAM role chosen in step 2a determine how long the temporary credentials are valid.
Repeat these steps each time your credentials expire.
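Because the steps above are repeated every time the credentials expire, the paste can be scripted so that the old profile is fully replaced and the file stays readable only by its owner. The following is an added example, not part of the Amazon CLI or this guide; the function name `install_short_term_credentials` and the profile header in the sample are assumptions, and the key values are the sample values shown above.

```python
import configparser
import os
import tempfile

REQUIRED = ("aws_access_key_id", "aws_secret_access_key", "aws_session_token")

# Constructed sample of a pasted block: the header name is a placeholder and
# the values are the documentation samples, not real credentials.
SAMPLE_PASTE = """[123456789012_PowerUserAccess]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
aws_session_token = IQoJb3JpZ2luX2IQoJb3JpZ2luX2IQoJb3JpZ2luX2IQoJb3JpZ2luX2IQoJb3JpZVERYLONGSTRINGEXAMPLE
"""


def install_short_term_credentials(pasted, path, profile="default"):
    """Replace `profile` in the credentials file at `path` with the pasted keys."""
    src = configparser.RawConfigParser()
    src.read_string(pasted)
    if len(src.sections()) != 1:
        raise ValueError("expected exactly one [profile] block in the pasted text")
    copied = src[src.sections()[0]]
    missing = [k for k in REQUIRED if not copied.get(k, "").strip()]
    if missing:
        # A temporary key pair without its session token cannot authenticate.
        raise ValueError("pasted block is missing: " + ", ".join(missing))

    creds = configparser.RawConfigParser()
    creds.read(path)  # a file that does not exist yet is treated as empty
    if creds.has_section(profile):
        creds.remove_section(profile)  # drop every expired value, not just some
    creds.add_section(profile)
    for key in REQUIRED:
        creds.set(profile, key, copied[key].strip())

    # Write a 0600 temp file next to the target, then rename it into place so
    # the secrets are never group- or world-readable and never half-written.
    directory = os.path.dirname(os.path.abspath(path))
    os.makedirs(directory, mode=0o700, exist_ok=True)
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".credentials.")
    try:
        with os.fdopen(fd, "w") as fh:
            creds.write(fh)
        os.chmod(tmp, 0o600)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
    return creds.sections()
```

Rewriting the file through `configparser` keeps the other profiles but drops any comments the file contained.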