Help improve this page
Want to contribute to this user guide? Scroll to the bottom of this page and select Edit this page on GitHub. Your contributions will help make our user guide better for everyone.
Set up Amazon CLI
The Amazon CLI
To create an access key
-
Sign into the Amazon Web Services Management Console
. -
In the top right, choose your Amazon user name to open the navigation menu. For example, choose
webadmin
. Then choose Security credentials. -
Under Access keys, choose Create access key.
-
Choose Command Line Interface (CLI), then choose Next.
-
Choose Create access key.
-
Choose Download .csv file.
To configure the Amazon CLI
After installing the Amazon CLI, do the following steps to configure it. For more information, see Configure the Amazon CLI in the Amazon Command Line Interface User Guide.
-
In a terminal window, enter the following command:
aws configure
Optionally, you can configure a named profile, such as
. If you configure a named profile in the Amazon CLI, you must always pass this flag in subsequent commands.--profile cluster-admin
-
Enter your Amazon credentials. For example:
AWS Access Key ID [None]:
AWS Secret Access Key [None]:AKIAIOSFODNN7EXAMPLE
Default region name [None]:wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default output format [None]:region-code
json
To get a security token
If needed, run the following command to get a new security token for the Amazon CLI. For more
information, see get-session-token
in the Amazon CLI Command Reference.
By default, the token is valid for 15 minutes. To change the default session timeout, pass
the
flag. For example:--duration-seconds
aws sts get-session-token --duration-seconds 3600
This command returns the temporary security credentials for an Amazon CLI session. You should see the following response output:
{ "Credentials": { "AccessKeyId": "ASIA5FTRU3LOEXAMPLE
", "SecretAccessKey": "JnKgvwfqUD9mNsPoi9IbxAYEXAMPLE
", "SessionToken": "VERYLONGSESSIONTOKENSTRING
", "Expiration": "2023-02-17T03:14:24+00:00
" } }
To verify the user identity
If needed, run the following command to verify the Amazon credentials for your IAM user
identity (such as
) for the terminal
session.ClusterAdmin
aws sts get-caller-identity
This command returns the Amazon Resource Name (ARN) of the IAM entity that's configured for the Amazon CLI. You should see the following example response output:
{ "UserId": "AKIAIOSFODNN7EXAMPLE
", "Account": "01234567890
", "Arn": "arn:aws-cn:iam::01234567890
:user/ClusterAdmin
" }