Using legacy credentials - Amazon Tools for PowerShell

Using legacy credentials

The topics in this section provide information about using long-term or short-term credentials without using Amazon IAM Identity Center.

Warning

To avoid security risks, don't use IAM users for authentication when developing purpose-built software or working with real data. Instead, use federation with an identity provider such as Amazon IAM Identity Center.

Note

The information in these topics is for circumstances where you need to obtain and manage short-term or long-term credentials manually. For additional information about short-term and long-term credentials, see Other ways to authenticate in the Amazon SDKs and Tools Reference Guide.

For best security practices, use Amazon IAM Identity Center, as described in Configure tool authentication.

Important warnings and guidance for credentials

Warnings for credentials
  • Do NOT use your account's root credentials to access Amazon resources. These credentials provide unrestricted account access and are difficult to revoke.

  • Do NOT put literal access keys or credential information in your commands or scripts. If you do, you create a risk of accidentally exposing your credentials.

  • Be aware that any credentials stored in the shared Amazon credentials file are stored in plaintext.
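
The last two warnings can be checked mechanically. The following PowerShell sketch is an added example, not code from the Amazon documentation; it flags script lines that contain a literal access key ID and lists which profiles in a shared credentials file hold long-term keys in plaintext. The function names are hypothetical, the key ID shape (`AKIA` or `ASIA` plus 16 uppercase letters or digits) and the INI-style file layout with `aws_secret_access_key` and `aws_session_token` entries are assumptions, and all sample values are constructed.

```powershell
# Added example, not Amazon code. All sample data below is constructed.
function Find-LiteralAccessKey {
    # Flag script lines containing a string shaped like an access key ID
    # (assumed shape: AKIA or ASIA followed by 16 uppercase letters/digits).
    param([Parameter(Mandatory)][string]$Path)
    Select-String -Path $Path -Pattern '\b(AKIA|ASIA)[A-Z0-9]{16}\b' -CaseSensitive |
        ForEach-Object {
            [pscustomobject]@{
                File  = Split-Path $_.Path -Leaf
                Line  = $_.LineNumber
                KeyId = $_.Matches[0].Value.Substring(0, 4) + '****'  # never echo the full ID
            }
        }
}

function Get-PlaintextProfile {
    # Parse an INI-style shared credentials file and report, per profile,
    # whether it stores a secret key with no session token (long-term keys).
    param([Parameter(Mandatory)][string]$Path)
    $profiles = [ordered]@{}
    $current = $null
    foreach ($line in Get-Content -LiteralPath $Path) {
        if ($line -match '^\s*\[(.+?)\]\s*$') {
            $current = $Matches[1]
            $profiles[$current] = @{ Secret = $false; Token = $false }
        }
        elseif ($current -and $line -match '^\s*(aws_secret_access_key|aws_session_token)\s*=\s*\S') {
            if ($Matches[1] -eq 'aws_session_token') { $profiles[$current].Token = $true }
            else { $profiles[$current].Secret = $true }
        }
    }
    foreach ($name in $profiles.Keys) {
        $p = $profiles[$name]
        [pscustomobject]@{ Profile = $name; LongTerm = ($p.Secret -and -not $p.Token) }
    }
}

# Constructed sample input in a temp directory, so the example runs offline.
$dir = (New-Item -ItemType Directory -Path (Join-Path ([IO.Path]::GetTempPath()) ([guid]::NewGuid()))).FullName
Set-Content -Path (Join-Path $dir 'deploy.ps1') -Value '$key = "AKIAEXAMPLEEXAMPLE00"  # constructed'
Set-Content -Path (Join-Path $dir 'credentials') -Value @(
    '[ci-user]', 'aws_access_key_id = AKIAEXAMPLEEXAMPLE00', 'aws_secret_access_key = constructed',
    '[temp-session]', 'aws_access_key_id = ASIAEXAMPLEEXAMPLE00', 'aws_secret_access_key = constructed',
    'aws_session_token = constructed')

Find-LiteralAccessKey -Path (Join-Path $dir '*.ps1')
Get-PlaintextProfile -Path (Join-Path $dir 'credentials')
Remove-Item -Recurse -Force $dir
```

A profile reported with `LongTerm` set to true holds keys that stay valid until they are rotated or deleted, so those are the entries to replace first with federated or role-based access.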

Additional guidance for securely managing credentials

For a general discussion of how to securely manage Amazon credentials, see Amazon security credentials in the Amazon Web Services General Reference and Security best practices and use cases in the IAM User Guide. In addition to those discussions, consider the following:

  • Create additional users, such as users in IAM Identity Center, and use their credentials instead of using your Amazon root user credentials. Credentials for other users can be revoked if necessary or are temporary by nature. In addition, you can apply a policy to each user that grants access to only certain resources and actions, and thereby take a stance of least-privilege permissions.

  • Use IAM roles for applications that are running on Amazon EC2 instances.