Shared Credentials

Credentials will be loaded automatically from the AWS shared credentials file. The shared credentials file is an INI file made up of a default section and profile sections for each configured profile. An example configuration with defaults and a configured profile:

[default] aws_access_key_id=AKIAIOSFODNN7EXAMPLE aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY [usa] aws_access_key_id=AKIAUSAEXAMPLE aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/USAEXAMPLEKEY

NOTE: The absence of the profile keyword in the [usa] profile section name. This differs from the shared configuration file that expects an associated section to be named [profile usa].

File Location

Shared credentials files are normally located at ~/.aws/credentials but that can be overridden with the use of the environment variable AWS_SHARED_CREDENTIALS_FILE.

Assume Role Credentials

Shared credentials supports assuming roles. Assuming a role requires two profiles to be configured, one with source credentials, and another with the details of the role to assume. Here is an example configuration:

[ar] role_arn=arn:aws:iam::123456789012:role/MyRole source_profile=ar_source [ar_source] aws_access_key_id=AKIAIOSFODNN7EXAMPLE aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

The role can now be assumed by activating the "ar" profile either in code using AWS Options, or via the environment variable AWS_DEFAULT_PROFILE.

Copyright © 2019-2021 Appercept Ltd. All rights reserved.