Managing AWS Credentials with PowerShell

AWS relies heavily on IAM (Identity and Access Management) users and roles for managing security. When a user is created, you can designate whether the user should have access to the AWS Console, programmatic access to AWS resources, or both. When a user is granted programmatic access, an access key and a secret access key are created. The AWS CLI and the AWS Tools for PowerShell use these items to authenticate.

What happens when you deal with multiple AWS environments? Many companies use several AWS accounts. Production and development may have different AWS accounts, or a company may use different accounts for different cost centers.

To handle situations such as this, you can create AWS credential profiles. As always, you never want to store credentials in a file that is shared (like a script) or in source control. I have a very simple PowerShell script I use for this purpose; the relevant portions are below:

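    # Prompt for the key pair instead of hard-coding it in the script.
    # Note: plain Read-Host echoes what is typed, including the secret key.
    $AccessKey = Read-Host -Prompt 'Please enter your Access Key'
    $SecretKey = Read-Host -Prompt 'Please enter your Secret Key'
    $DefaultRegion = Read-Host -Prompt 'Please enter your Default Region'
    $CredentialName = Read-Host -Prompt 'Please enter the name for the credential'
    # Save the key pair as a named profile in the local credential store.
    Set-AWSCredentials -AccessKey $AccessKey -SecretKey $SecretKey -StoreAs $CredentialName
    # Set the default region used when a cmdlet is called without -Region.
    Set-DefaultAwsRegion $DefaultRegion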

When you execute the code above, you are prompted for the information required to create a credential, and that credential is saved for later use. Here is what that looks like:

    Please enter your Access Key: xxxxxxxxxxxxxx
    Please enter your Secret Key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    Please enter your Default Region: us-west-2
    Please enter the name for the credential: personal-testAccount

You can then create additional credentials as needed for other accounts.
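A hardened variant of the prompts above, as an added example rather than the author's script: it masks the secret key as it is typed, validates the access key and region before anything is stored, and returns only the profile's metadata. The function name New-AwsProfileInteractive and the access-key format check are assumptions made for this example; it calls Set-AWSCredential, the singular form of the cmdlet name used above.

```powershell
# Added example (hypothetical helper, not the author's script).
# Requires the AWS Tools for PowerShell module to be installed and imported.
function New-AwsProfileInteractive {
    [CmdletBinding()]
    param()

    $accessKey = (Read-Host -Prompt 'Please enter your Access Key').Trim()
    # Assumed sanity check: the IAM API documents access key IDs as
    # 16-128 word characters. Catches a secret pasted into the wrong prompt.
    if ($accessKey -notmatch '^\w{16,128}$') {
        throw 'That does not look like an access key ID.'
    }

    # -AsSecureString masks the input, so the secret key is not echoed
    # to the console while it is typed or pasted.
    $secureSecret = Read-Host -Prompt 'Please enter your Secret Key' -AsSecureString

    $region = (Read-Host -Prompt 'Please enter your Default Region').Trim()
    # Reject typos by checking against the regions the installed module knows.
    if ($region -notin (Get-AWSRegion).Region) {
        throw "Unknown region '$region'."
    }

    $name = (Read-Host -Prompt 'Please enter the name for the credential').Trim()
    if ([string]::IsNullOrWhiteSpace($name)) {
        throw 'A profile name is required.'
    }

    # Set-AWSCredential takes the secret as a plain string, so convert it
    # only for the duration of the call and drop the references afterwards.
    $plainSecret = [System.Net.NetworkCredential]::new('', $secureSecret).Password
    try {
        Set-AWSCredential -AccessKey $accessKey -SecretKey $plainSecret -StoreAs $name
    }
    finally {
        $plainSecret = $null
        $secureSecret.Dispose()
    }

    Set-DefaultAWSRegion -Region $region

    # Return the stored profile's metadata (name and location, never the keys).
    Get-AWSCredential -ListProfileDetail | Where-Object ProfileName -eq $name
}

New-AwsProfileInteractive
```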

To use the credential, pass the -ProfileName parameter when you run an AWS Tools for PowerShell command:

    PS C:\> New-S3Bucket -BucketName 'tjh-testbucket' -ProfileName personal-testAccount
    CreationDate          BucketName
    ------------          ----------
    11/15/2019 8:52:25 PM tjh-testbucket
