Set up Amazon CLI - Amazon EKS
To create an access keyTo configure the Amazon CLITo get a security tokenTo verify the user identityNext steps
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Help improve this page

Want to contribute to this user guide? Scroll to the bottom of this page and select Edit this page on GitHub. Your contributions will help make our user guide better for everyone.

Set up Amazon CLI

The Amazon CLI is a command line tool for working with Amazon services, including Amazon EKS. It is also used to authenticate IAM users or roles for access to the Amazon EKS cluster and other Amazon resources from your local machine. To provision resources in Amazon from the command line, you need to obtain an Amazon access key ID and secret key to use in the command line. Then you need to configure these credentials in the Amazon CLI. If you haven't already installed the Amazon CLI, see Install or update the latest version of the Amazon CLI in the Amazon Command Line Interface User Guide.

To create an access key

  1. Sign into the Amazon Web Services Management Console.

  2. In the top right, choose your Amazon user name to open the navigation menu. For example, choose webadmin. Then choose Security credentials.

  3. Under Access keys, choose Create access key.

  4. Choose Command Line Interface (CLI), then choose Next.

  5. Choose Create access key.

  6. Choose Download .csv file.

To configure the Amazon CLI

After installing the Amazon CLI, do the following steps to configure it. For more information, see Configure the Amazon CLI in the Amazon Command Line Interface User Guide.

  1. In a terminal window, enter the following command:

    aws configure

    Optionally, you can configure a named profile, such as --profile cluster-admin. If you configure a named profile in the Amazon CLI, you must always pass this flag in subsequent commands.

  2. Enter your Amazon credentials. For example:

    AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]: region-code
Default output format [None]: json

To get a security token

If needed, run the following command to get a new security token for the Amazon CLI. For more information, see get-session-token in the Amazon CLI Command Reference.

By default, the token is valid for 15 minutes. To change the default session timeout, pass the --duration-seconds flag. For example:

aws sts get-session-token --duration-seconds 3600

This command returns the temporary security credentials for an Amazon CLI session. You should see the following response output:

{
    "Credentials": {
        "AccessKeyId": "ASIA5FTRU3LOEXAMPLE",
        "SecretAccessKey": "JnKgvwfqUD9mNsPoi9IbxAYEXAMPLE",
        "SessionToken": "VERYLONGSESSIONTOKENSTRING",
        "Expiration": "2023-02-17T03:14:24+00:00"
    }
}

To verify the user identity

If needed, run the following command to verify the Amazon credentials for your IAM user identity (such as ClusterAdmin) for the terminal session.

aws sts get-caller-identity

This command returns the Amazon Resource Name (ARN) of the IAM entity that's configured for the Amazon CLI. You should see the following example response output:

{
    "UserId": "AKIAIOSFODNN7EXAMPLE",
    "Account": "01234567890",
    "Arn": "arn:aws-cn:iam::01234567890:user/ClusterAdmin"
}

Next steps