 

AWS CLI using Instance Profile Credentials


How do I specify that I want to use instance profile credentials when using the AWS CLI from within my EC2 instance? The docs say:

Instance profile credentials – these credentials can be used on EC2
instances with an assigned instance role, and are delivered through
the Amazon EC2 metadata service.

Is this automatic or do I need to call the metadata service and save the returned credentials to the ~/.aws/credentials file...then make the call?

DaveB asked Mar 10 '15 17:03




1 Answer

You are talking about IAM Roles. These are attached to the EC2 instance and the keys are rolled/rotated every four hours.

You do not need to pull those from the instance metadata and supply them to the aws-cli or an SDK; they will pull them automatically.

If you run aws-cli with the --debug flag, you should see the credentials being picked up:

$ aws --debug s3 ls
...
2015-03-10 18:15:04,459 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: iam-role
2015-03-10 18:15:04,465 - MainThread - botocore.vendored.requests.packages.urllib3.connectionpool - INFO - Starting new HTTP connection (1): 169.254.169.254
2015-03-10 18:15:04,466 - MainThread - botocore.vendored.requests.packages.urllib3.connectionpool - DEBUG - "GET /latest/meta-data/iam/security-credentials/ HTTP/1.1" 200 37
2015-03-10 18:15:04,468 - MainThread - botocore.vendored.requests.packages.urllib3.connectionpool - INFO - Starting new HTTP connection (1): 169.254.169.254
2015-03-10 18:15:04,469 - MainThread - botocore.vendored.requests.packages.urllib3.connectionpool - DEBUG - "GET /latest/meta-data/iam/security-credentials/myrole-snipped HTTP/1.1" 200 898
2015-03-10 18:15:04,469 - MainThread - botocore.credentials - INFO - Found credentials from IAM Role: myrole-snipped
tedder42 answered Sep 22 '22 11:09
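As an added example (not part of the original answer or of the AWS CLI), here is the exchange the debug log above shows, reproduced in Python against a constructed stand-in for the EC2 metadata service so it runs offline. It goes beyond the 2015 log in one way: it performs the IMDSv2 session-token step first (PUT /latest/api/token, then GETs carrying X-aws-ec2-metadata-token), which newer CLI and SDK versions attempt before falling back to plain IMDSv1 requests. The role name myrole, every credential value and the mock server are constructed, not real output; the refresh margin is an assumption, chosen to illustrate the refresh-before-expiry behaviour rather than any SDK's exact number.

```python
"""Fetch instance-profile credentials the way the CLI/SDK does, from a mock IMDS.

Everything below is constructed for illustration: the role name, the credential
values and the local HTTP server standing in for 169.254.169.254.
"""
import json
import threading
from datetime import datetime, timedelta, timezone
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError
from urllib.request import Request, urlopen

ROLE = "myrole"                       # hypothetical instance role name
TOKEN = "constructed-imds-token"      # fake IMDSv2 session token the mock hands out
TTL_HEADER = "X-aws-ec2-metadata-token-ttl-seconds"   # real IMDSv2 header names
TOKEN_HEADER = "X-aws-ec2-metadata-token"
CREDS_PATH = "/latest/meta-data/iam/security-credentials/"

# Constructed sample of the JSON IMDS returns for GET .../security-credentials/<role>
SAMPLE_CREDS = {
    "Code": "Success",
    "LastUpdated": "2015-03-10T18:00:00Z",
    "Type": "AWS-HMAC",
    "AccessKeyId": "ASIACONSTRUCTEDKEYID",
    "SecretAccessKey": "constructed-secret-access-key",
    "Token": "constructed-session-token",
    "Expiration": (datetime.now(timezone.utc) + timedelta(hours=6)).strftime("%Y-%m-%dT%H:%M:%SZ"),
}


class MockIMDS(BaseHTTPRequestHandler):
    """Stand-in for IMDS with tokens required: GETs without a valid token get 401."""

    def log_message(self, *args):  # keep the server quiet
        pass

    def _send(self, code, body):
        data = body.encode()
        self.send_response(code)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def do_PUT(self):
        # IMDSv2 step 1: a PUT with a TTL header yields a session token
        if self.path == "/latest/api/token" and TTL_HEADER in self.headers:
            self._send(200, TOKEN)
        else:
            self._send(400, "bad request")

    def do_GET(self):
        # Token-less (IMDSv1-style) requests are rejected when tokens are required
        if self.headers.get(TOKEN_HEADER) != TOKEN:
            self._send(401, "unauthorized")
            return
        if self.path == CREDS_PATH:
            self._send(200, ROLE)                      # list of attached role(s)
        elif self.path == CREDS_PATH + ROLE:
            self._send(200, json.dumps(SAMPLE_CREDS))  # the role's temporary keys
        else:
            self._send(404, "not found")


def start_mock():
    """Start the mock on a free loopback port; returns (server, base_url)."""
    server = HTTPServer(("127.0.0.1", 0), MockIMDS)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"


def fetch_instance_profile_credentials(base):
    """The two GETs from the debug log, preceded by the IMDSv2 token PUT."""
    tok_req = Request(f"{base}/latest/api/token", method="PUT", headers={TTL_HEADER: "21600"})
    token = urlopen(tok_req, timeout=2).read().decode()
    hdrs = {TOKEN_HEADER: token}
    role = urlopen(Request(base + CREDS_PATH, headers=hdrs), timeout=2).read().decode().strip()
    raw = urlopen(Request(base + CREDS_PATH + role, headers=hdrs), timeout=2).read().decode()
    return role, json.loads(raw)


def needs_refresh(creds, margin=timedelta(minutes=15)):
    """True when the keys are within `margin` of Expiration (assumed margin)."""
    exp = datetime.strptime(creds["Expiration"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return exp - datetime.now(timezone.utc) <= margin


def fetch_without_token(base):
    """A plain IMDSv1-style GET; returns the HTTP status the mock answers with."""
    try:
        return urlopen(Request(base + CREDS_PATH), timeout=2).status
    except HTTPError as err:
        return err.code


if __name__ == "__main__":
    server, base = start_mock()
    role, creds = fetch_instance_profile_credentials(base)
    print("Found credentials from IAM Role:", role, creds["AccessKeyId"])
    print("refresh needed now?", needs_refresh(creds))
    print("token-less request status:", fetch_without_token(base))
    server.shutdown()
```

The point of the last call is the security one: the temporary keys are only as safe as access to the metadata endpoint, and with tokens required a request that lacks the PUT-obtained token (the shape an SSRF-driven credential theft typically takes) is refused. The CLI never needs these values written to ~/.aws/credentials; it re-queries the endpoint and refreshes before Expiration.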