Shared Credentials

Credentials will be loaded automatically from the AWS shared credentials file. The shared credentials file is an INI file made up of a default section and profile sections for each configured profile. An example configuration with defaults and a configured profile:

[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

[usa]
aws_access_key_id=AKIAUSAEXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/USAEXAMPLEKEY

NOTE: The absence of the profile keyword in the [usa] profile section name. This differs from the shared configuration file that expects an associated section to be named [profile usa].

File Location

Shared credentials files are normally located at ~/.aws/credentials but that can be overridden with the use of the environment variable AWS_SHARED_CREDENTIALS_FILE.

Assume Role Credentials

Shared configuration/credentials supports assuming roles. Assuming a role requires two profiles to be configured, one with source credentials, and another with the details of the role to assume. Here is an example configuration needed in ~/.aws/config:

[profile ar]
role_arn=arn:aws:iam::123456789012:role/MyRole
source_profile=ar_source

The ~/.aws/credentials would need to supply appropriate credentials for assuming the role:

[ar_source]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

The role can now be assumed by activating the "ar" profile either in code using AWS Options, or via the environment variable AWS_PROFILE.

File Location​

Assume Role Credentials​

File Location

Assume Role Credentials