Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Using console credentials to authenticate Amazon SDKs and tools

Using console credentials is the recommended method of providing Amazon credentials when developing an Amazon application in your local environment or other non-Amazon compute service environments. If you are developing on an Amazon resource, such as Amazon Elastic Compute Cloud (Amazon EC2) or Amazon CloudShell, we recommend getting credentials from that service instead.

You can also authenticate through IAM Identity Center Using IAM Identity Center to authenticate Amazon SDK and tools. This option is a common way for organizations to manage access for their workforce and requires Identity Center to be enabled.

How does it work?

Login for Amazon local development using console credentials lets you use your existing Amazon Management Console sign-in credentials for programmatic access to Amazon services. After a browser-based authentication flow, Amazon generates temporary credentials that work across local development tools like the Amazon CLI, Tools for PowerShell and Amazon SDKs. This feature simplifies the process of configuring and managing Amazon CLI credentials, especially if you prefer interactive authentication over managing long-term access keys.

With this process, you can authenticate using your root credentials created during initial account setup, IAM users, or a federated identity from your identity provider.

If you use SDKs for development, the SDK clients will use the temporary credentials through the Amazon SDKs and Tools standardized credential providers. You can also configure the Login credentials provider.

Authenticating via the login command is supported by both Amazon CLI and Tools for PowerShell: