This documentation is for Version 1 of the Amazon CLI only. For documentation related to Version 2 of the Amazon CLI, see the Version 2 User Guide.
Authenticating using IAM user credentials for the Amazon CLI
Warning
To avoid security risks, don't use IAM users for authentication when developing purpose-built software or working with real data. Instead, use federation with an identity provider such as Amazon IAM Identity Center.
This section explains how to configure basic settings with an IAM user. These include
your security credentials using the config
and
credentials
files.
Topics
Step 1: Create your IAM user
Create your IAM user by following the Creating IAM users (console) procedure in the IAM User Guide.
-
For Permission options, choose Attach policies directly for how you want to assign permissions to this user.
-
Most "Getting Started" SDK tutorials use the Amazon S3 service as an example. To provide your application with full access to Amazon S3, select the
AmazonS3FullAccess
policy to attach to this user.
Step 2: Get your access keys
Sign in to the Amazon Web Services Management Console and open the IAM console at https://console.amazonaws.cn/iam/
. -
In the navigation pane of the IAM console, select Users and then select the
User name
of the user that you created previously. -
On the user's page, select the Security credentials page. Then, under Access keys, select Create access key.
-
For Create access key Step 1, choose Command Line Interface (CLI).
-
For Create access key Step 2, enter an optional tag and select Next.
-
For Create access key Step 3, select Download .csv file to save a
.csv
file with your IAM user's access key and secret access key. You need this information for later. -
Select Done.
Configure the Amazon CLI
For general use, the Amazon CLI needs the following pieces of information:
-
Access key ID
-
Secret access key
-
Amazon Region
-
Output format
The Amazon CLI stores this information in a profile (a
collection of settings) named default
in the
credentials
file. By default, the information in this profile
is used when you run an Amazon CLI command that doesn't explicitly specify a profile to use.
For more information on the credentials
file, see Configuration and credential file settings in the
Amazon CLI.
To configure the Amazon CLI, use one of the following procedures:
Topics
Using aws
configure
For general use, the aws configure
command is the fastest way to set
up your Amazon CLI installation. This configure wizard prompts you for each piece of
information you need to get started. Unless otherwise specified by using the
--profile
option, the Amazon CLI stores this information in the
default
profile.
The following example configures a default
profile using sample
values. Replace them with your own values as described in the following
sections.
$
aws configure
AWS Access Key ID [None]:
AWS Secret Access Key [None]:
AKIAIOSFODNN7EXAMPLE
Default region name [None]:
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default output format [None]:
us-west-2
json
The following example configures a profile named userprod
using
sample values. Replace them with your own values as described in the following
sections.
$
aws configure --profile
userprod
AWS Access Key ID [None]:
AWS Secret Access Key [None]:
AKIAIOSFODNN7EXAMPLE
Default region name [None]:
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default output format [None]:
us-west-2
json