Skin
Layout Boxed
Background
Direction

[Recipes] Configuring Access Key Id and Secret Access Key from AWS Command Line

Submitted by heartin on Sat, 12/23/2017 - 14:37

Problem: 

Need to configure access key Id and secret access key from AWS Command Line Inside an EC2 instance.

Solution Summary: 

Amazon Linux AMI comes with aws command line pre-installed, and we will use it for out lab to configure access key Id and secret access key.

Prerequisites: 

Amazon Linux AMI comes with aws command line pre-installed, and we will use it for out lab. You may have to install it manually in other AMIs. You can install AWS command line in our personal devices as Windows, Mac etc.

Solution Steps: 

  1. Create a new EC2 instance: Select Amazon Linux AMI, t2 micro, leave IAM role as none, tag as (Key: Name, Value:DemoEC2-NoRoles), use existing web dmz security group (or create one if needed), use existing EC2 key-pair(or create one if needed).

  2.  Got to IAM dashboard:

    1. Got to users and Create a new user: Give any name (e.g. BuddyEC2User), download credentials.

    2. Go to groups and create a new group: Give any name (e.g. BuddyS3Group), Attach following policies: AmazonS3FullAccess.

    3. Go inside the group and add the user we had created to the group.

  3. Connect to the EC2 instance through ssh and elevate privileges: sudo su

  4. Run following aws command line command: aws S3 ls

    1. You should get an error unable to locate credentials.

  5. Run: aws configure

    1. Provide access key id and secret access key (downloaded when we created new user),  default region name (may refer to http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region), default output format as empty (just press enter).

  6.  Run again: aws s3 ls

    1. It should list your S3 buckets.

  7. Try running: aws s3 help

    1. It should give a good description of this command with all available options.

    2. Note that ‘s’ in s3 is small.

  8. Verify the config location:

    1. Run: cd ~

    2. Run: cd .aws

    3. Run: ls

      1. Should see two folders: config, credentials.

    4. Run: nano credentials

      1. Should see access key and secret access keys.

  9. Remove the EC2 instance.

  10. Remove the user(s) created.

 

Exam Tip

  1. The command ‘aws s3 ls’ will list buckets from all regions, irrespective of the configured default region, as s3 bucket namespaces are global.

  2. It may not be safe to store the credentials within your EC2 instance (see step 8). This can be avoided by using roles.

Recipe Tags: 

EC2 Lab
aws security lab

Partners and Platforms

Learn Serverless from Serverless Programming Cookbook

Contact

Please first use the contact form or facebook page messaging to connect.

Offline Contact
We currently connect locally for discussions and sessions at Bangalore, India. Please follow us on our facebook page for details.
WhatsApp (Primary): (+91) 7411174113
Phone (Escalations): (+91) 7411174114

Business newsletter

Complete the form below, and we'll send you an e-mail every now and again with all the latest news.

About

Cloudericks.com is my blog to share notes and learning materials on Cloud and Data Analytics. My current focus is on Amazon Web Services.

I like to write. I try to document what I learn and share with others. I believe that knowledge is useless unless you share it; the more you share, the more you learn.

Partner Sites

Recent comments

Photo Stream