1

Is it possible to provide the credential in each request in a way like

aws sns create-topic my_topic --ACCESS-KEY XXXX --SECRET-KEY XXXX

Instead of doing aws configure before I make the call.

I know that credential management can be done by using --profile like Using multiple profiles but that requires me to save the credential, which I cannot do. I'm depending on the user to provide me the key as parameter input. Is it possible?

OrlandoL
  • 898
  • 2
  • 12
  • 32

4 Answers4

3

I believe the closest option to what you are looking for would be to set the credentials as environment variables before invoking the AWS CLI.

Mark B
  • 183,023
  • 24
  • 297
  • 295
  • But if i set env variables there will be a contention from the many users. Seems I'll have to use different user accounts. – OrlandoL Jun 16 '17 at 17:06
  • 1
    How are you invoking this CLI command? You should be able to set the environment variables specific to that one invocation. – Mark B Jun 16 '17 at 17:10
  • Basically I'm trying to wrap the CLI api in a language that AWS doesn't support. And I want this API to be able to handle multiple users in one process, while each user is using their own credential. Moreover I cannot save the users' credentials and create different profiles for them each. So the best(not necessarily realistic) option is just to expect the credentials as input params. – OrlandoL Jun 16 '17 at 17:15
  • If you execute the shell command from whatever language you are wrapping this in as helloV shows above, the environment variables should only be set for that one invocation. – Mark B Jun 16 '17 at 17:23
  • I see your point. Yea if the program is single-processed then this works. Thanks. – OrlandoL Jun 16 '17 at 17:35
  • 2
    I don't know what "single-processed" means in this context exactly. Your language should be invoking each shell command in its own process. Setting the environment variables in that process should not affect other processes. – Mark B Jun 16 '17 at 17:46
1

One option is to export the environment variables that control the credentials and then call the desired CLI. The following works for me in bash:

$ export AWS_ACCESS_KEY_ID=AKIXXXXXXXXXXXXXXXX AWS_SECRET_ACCESS_KEY=YhTYxxxxxxxxxxxxxxVCSi; aws sns create-topic my_topic

You may also want to take a look at: Configuration Settings and Precedence

helloV
  • 50,176
  • 7
  • 137
  • 145
  • Thanks for the link. If saving profiles and setting env are unavoidable I'll have to find other ways around this. – OrlandoL Jun 16 '17 at 17:12
1

There is another way. Instead of "export"ing, just run the command like:

AWS_ACCESS_KEY_ID=AAAA AWS_SECRET_ACCESS_KEY=BBB aws ec2 describe-regions

This will ensure that the credentials are set only for the command.

krishna_mee2004
  • 6,556
  • 2
  • 35
  • 45
0

Your best bit would be to use IAM Role for Amazon ec2 instance. That way you don't need to worry about the credentials at all. Also they keys will be rotated periodically.

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

Innocent Anigbo
  • 4,435
  • 1
  • 19
  • 19