# Amazon IAM credentials
<a name="keys-profiles-credentials"></a>

Amazon IAM credentials authenticate with your Amazon account through locally stored access keys.

The following sections describe how to set up IAM credentials to authenticate with your Amazon account from the Amazon Toolkit for Visual Studio.

**Important**  
Before setting up IAM credentials to authenticate with your Amazon account, note that:  
If you've already set IAM credentials through another Amazon service (such as the Amazon CLI), then the Amazon Toolkit for Visual Studio automatically detects those credentials.
Amazon recommends using Amazon IAM Identity Center authentication. For additional information about Amazon IAM best practices, see the [Security best practice in IAM](https://docs.amazonaws.cn/IAM/latest/UserGuide/best-practices.html) section of the *Amazon Identity and Access Management User Guide*.
To avoid security risks, don't use IAM users for authentication when developing purpose-built software or working with real data. Instead, use federation with an identity provider such as Amazon IAM Identity Center. For more information see the [What is IAM Identity Center?](https://docs.amazonaws.cn//singlesignon/latest/userguide/what-is.html) in the *Amazon IAM Identity Center User Guide*.

## Creating an IAM user
<a name="creating-iam-user"></a>

 Before you can set up the Amazon Toolkit for Visual Studio to authenticate with your Amazon account, you need to complete **Step 1: Create your IAM user** and **Step 2: Get your access keys** in the [Authenticate using long-term credentials](https://docs.amazonaws.cn/singlesignon/latest/userguide/what-is.html) topic in the *Amazon SDKs and Tools Reference Guide*. 

**Note**  
 **Step 3: Update the shared credentials** is optional.  
If you complete Step 3, the Amazon Toolkit for Visual Studio automatically detects your credentials from the `credentials file`.  
If you haven't completed Step 3, the Amazon Toolkit for Visual Studio walks you through the process of creating a `credentials file` as described in the [Creating a credentials file from the Amazon Toolkit for Visual Studio](https://docs.amazonaws.cn/) section, located below. 

## Creating a credentials file
<a name="adding-a-profile-to-the-sdk-credential-store"></a>

To add a user to or create a `credentials file` from the Amazon Toolkit for Visual Studio:

**Note**  
 When new user profile is added from the toolkit:   
If a `credentials file` already exists, the new user information is added to the existing file.
 If a `credentials file` doesn't exist a new file is created.

1. From the Amazon Explorer choose **New Account Profile** icon to open the **New Account Profile** dialog.  
![Amazon Explorer interface showing services and profile selection dropdown.](http://docs.amazonaws.cn/en_us/toolkit-for-visual-studio/latest/user-guide/images/credentials_ui.png)

1. Complete the required fields in the **New Account Profile** dialog and choose the **OK** button to create the IAM user.

## Editing IAM user credentials from the toolkit
<a name="edit-iam-credentials"></a>

To edit IAM user credentials from the toolkit, complete the following steps:

1. From the **Credentials** drop-down in the Amazon Explorer, choose the IAM user credential you want to edit.

1. Choose the **Edit Profile** icon to open the **Edit Profile** dialog.

1. From the **Edit Profile** dialog complete your updates and choose the **OK** button to save your changes.

To delete IAM user credentials from the toolkit, complete the following steps:

1. From the **Credentials** drop down in the Amazon Explorer, choose the IAM user credential you want to delete.

1. Choose the **Delete Profile** icon to open the **Delete Profile** prompt.

1. Confirm that you want to delete the profile to remove it from your `Credentials file`.

**Important**  
 Profiles that support advanced access features, such as IAM Identity Center or Multi-factor authentication (MFA) in the **Edit Profile** dialog, can't be edited from the Amazon Toolkit for Visual Studio. To make changes to these types of profiles, you must edit the `credentials file`using a text editor. 

## Editing IAM user credentials from a text editor
<a name="adding-a-profile-to-the-aws-credentials-profile-file"></a>

In addition to managing IAM users with the Amazon Toolkit for Visual Studio, you can edit `credential files` from your preferred text editor. The default location of the `credential file` in Windows is `C:\Users\{{USERNAME}}\.aws\credentials`.

For more details on the location and structure of `credential files`, see the [Shared config and credentials files](https://docs.amazonaws.cn/sdkref/latest/guide/file-format.htm) section of the *Amazon SDKs and Tools Reference guide*.

## Creating IAM users from the Amazon Command Line Interface (Amazon CLI)
<a name="aws-configure-profile"></a>

The Amazon CLI is another tool you can use to create an IAM user in the `credentials file`, using the command `aws configure`.

For detailed information about creating IAM users from the Amazon CLI see the [Configuring the Amazon CLI](https://docs.amazonaws.cn/cli/latest/userguide/cli-chap-configure.html) topics in the *Amazon CLI User Guide*.

The Toolkit for Visual Studio supports the following configuration properties:

```
aws_access_key_id
aws_secret_access_key
aws_session_token
credential_process
credential_source
external_id
mfa_serial
role_arn
role_session_name
source_profile
sso_account_id
sso_region
sso_role_name
sso_start_url
```