Amazon Tools for PowerShell V4 has entered maintenance mode.

We recommend that you migrate to [Amazon Tools for PowerShell V5](https://docs.amazonaws.cn/powershell/v5/userguide/). For additional details and information on how to migrate, please refer to our [maintenance mode announcement](https://aws.amazon.com/blogs/developer/aws-tools-for-powershell-v4-maintenance-mode-announcement/).

# Using legacy credentials
<a name="pstools-cred-legacy"></a>

The topics in this section provide information about using long-term or short-term credentials without using Amazon IAM Identity Center.

**Warning**  
To avoid security risks, don't use IAM users for authentication when developing purpose-built software or working with real data. Instead, use federation with an identity provider such as [Amazon IAM Identity Center](https://docs.amazonaws.cn/singlesignon/latest/userguide/what-is.html).

**Note**  
The information in these topics is for circumstances where you need to obtain and manage short-term or long-term credentials manually. For additional information about short-term and long-term credentials, see [Other ways to authenticate](https://docs.amazonaws.cn/sdkref/latest/guide/access-users.html) in the *Amazon SDKs and Tools Reference Guide*.  
For best security practices, use Amazon IAM Identity Center, as described in [Configure tool authentication](creds-idc.md).

## Important warnings and guidance for credentials
<a name="pstools-creds-warnings-and-guidelines"></a>

**Warnings for credentials**
+ ***Do NOT*** use your account's root credentials to access Amazon resources. These credentials provide unrestricted account access and are difficult to revoke.
+ ***Do NOT*** put literal access keys or credential information in your commands or scripts. If you do, you create a risk of accidentally exposing your credentials.
+ Be aware that any credentials stored in the shared Amazon `credentials` file, are stored in plaintext.

**Additional guidance for securely managing credentials**

For a general discussion of how to securely manage Amazon credentials, see [Amazon security credentials](https://docs.amazonaws.cn/general/latest/gr/Welcome.html#aws-security-credentials) in the [Amazon Web Services General Reference](https://docs.amazonaws.cn/general/latest/gr/) and [Security best practices and use cases](https://docs.amazonaws.cn/IAM/latest/UserGuide/IAMBestPracticesAndUseCases.html) in the [IAM User Guide](https://docs.amazonaws.cn/IAM/latest/UserGuide/). In addition to those discussions, consider the following:
+ Create additional users, such as users in IAM Identity Center, and use their credentials instead of using your Amazon root user credentials. Credentials for other users can be revoked if necessary or are temporary by nature. In addition, you can apply a policy to each user for access to only certain resources and actions and thereby take a stance of least-privilege permissions.
+ Use [IAM roles for tasks](https://docs.amazonaws.cn/AmazonECS/latest/developerguide/task-iam-roles.html) for Amazon Elastic Container Service (Amazon ECS) tasks.
+ Use [IAM roles](shared-credentials-in-aws-powershell.md#shared-credentials-assume-role) for applications that are running on Amazon EC2 instances.

**Topics**
+ [Important warnings and guidelines](#pstools-creds-warnings-and-guidelines)
+ [Amazon Credentials](specifying-your-aws-credentials.md)
+ [Shared Credentials](shared-credentials-in-aws-powershell.md)