Configuring Credentials
3h 54m

This course provides detail on the AWS Management & Governance services relevant to the AWS Certified Developer - Associate exam.


Learning Objectives

  • Learn how AWS AppConfig can reduce errors in configuration changes and prevent application downtime
  • Understand how the AWS Cloud Development Kit (CDK) can be used to model and provision application resources using common programming languages
  • Get a high-level understanding of Amazon CloudWatch
  • Learn about the features and use cases of the service
  • Create your own CloudWatch dashboard to monitor the items that are important to you
  • Understand how CloudWatch dashboards can be shared across accounts
  • Understand the cost structure of CloudWatch dashboards and the limitations of the service
  • Review how monitored metrics go into an ALARM state
  • Learn about the challenges of creating CloudWatch Alarms and the benefits of using machine learning in alarm management
  • Know how to create a CloudWatch Alarm using Anomaly Detection
  • Learn what types of metrics are suitable for use with Anomaly Detection
  • Create your own CloudWatch log subscription
  • Learn how AWS CloudTrail enables auditing and governance of your AWS account
  • Understand how Amazon CloudWatch Logs enables you to monitor and store your system, application, and custom log files
  • Explain what AWS CloudFormation is and what it’s used for
  • Determine the benefits of AWS CloudFormation
  • Understand what each of the core components is and what it is used for
  • Create a CloudFormation Stack using an existing AWS template
  • Learn what VPC flow logs are and what they are used for
  • Determine options for operating programmatically with AWS, including the AWS CLI, APIs, and SDKs
  • Learn about the capabilities of AWS Systems Manager for managing applications and infrastructure
  • Understand how AWS Secrets Manager can be used to securely encrypt application secrets

After you have the AWS CLI installed, you will then need credentials to be able to perform commands. These credentials usually come in the form of either an access key and secret access key, or temporary credentials through a single-sign-on service.

You can set your access keys in several ways. 

The first way is by using environment variables. The syntax for setting an environment variable depends on your operating system. For example, I’m using my macOS terminal, so the syntax would be “export AWS_ACCESS_KEY_ID=” and then I can paste in my access key. Then I can do the same for the secret access key, using the command “export AWS_SECRET_ACCESS_KEY=” and then paste it in. Then I can run a command to see if it works, say “aws s3 ls”. And as you can see, it’s listing the S3 buckets in my account, so now I know that the credentials are working.

For every command I run, it will then use these credentials for authorization, overriding any other credentials I’ve configured, until the end of my shell session. However, if you want these credentials to last beyond the end of the shell session, it’s recommended you set up your default profile instead. If you’re using your own personal AWS account, setting up the default profile is the most common way to configure your credentials.

I can do this by running aws configure, and it will prompt me for four pieces of information. The first is my access key, which I will paste in. The second is my secret access key, which I will also paste in here. The third is my default region, which is where you want to send your requests to by default. I mainly work out of the US Oregon region, so I can specify us-west-2. And then it will ask for a default output, which you can specify as json, yaml, yaml-stream, text, or table. I’m going to specify yaml as my default output.

Once I set these configurations, I can view them in the .aws directory. Let’s go to this directory by running the command cd ~/.aws/. From here I’ll list the contents of the directory using ls. This directory has a few files in it. The important ones for this lecture are the credentials file and the config file. If I use the cat command to display the config file, you can see it contains the less sensitive information I selected, such as the default region and the default output.

I’ll go ahead and do the same with the credentials file, using cat credentials. You can see it contains the access keys that I copied and pasted when I ran aws configure.

Now, the issue that most companies have with this approach is that the access keys may not be changed regularly, so companies often choose to integrate an SSO service with the AWS CLI so that credentials can be changed dynamically. This approach is most commonly used if you’re using a company-provided AWS account. 
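The points above (the credentials file stores access keys in plaintext, those keys may never be rotated, and environment variables override the file) can be checked with a short script. This is an added example, not part of the course material: the function names are hypothetical, and the sample file is constructed with placeholder values rather than real keys.

```python
import configparser
import os
import stat
import tempfile

ENV_KEYS = ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY")


def audit_credentials(path, environ):
    """Return a list of findings for one AWS CLI credentials file."""
    findings = []
    # The file holds plaintext secrets, so only its owner should be able to read it.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(f"{path}: mode {mode:o} is accessible by group/other")
    parser = configparser.ConfigParser(interpolation=None)
    parser.read(path)
    for profile in parser.sections():
        section = parser[profile]
        # Static keys carry no session token and stay valid until someone rotates them.
        if "aws_access_key_id" in section and "aws_session_token" not in section:
            findings.append(f"[{profile}]: long-term access key stored on disk")
    # Exported variables take precedence over the credentials file for the shell session.
    if all(environ.get(key) for key in ENV_KEYS):
        findings.append("environment: exported keys override the credentials file")
    return findings


def build_sample(directory):
    """Write a constructed credentials file (placeholder values, not real keys)."""
    path = os.path.join(directory, "credentials")
    with open(path, "w") as handle:
        handle.write(
            "[default]\n"
            "aws_access_key_id = AKIAEXAMPLEPLACEHOLDER\n"
            "aws_secret_access_key = constructed-placeholder-secret\n"
        )
    os.chmod(path, 0o644)  # deliberately too permissive for the demonstration
    return path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = build_sample(tmp)
        exported = {"AWS_ACCESS_KEY_ID": "x", "AWS_SECRET_ACCESS_KEY": "y"}
        for finding in audit_credentials(sample, exported):
            print(finding)
```

To check a real setup, call audit_credentials with the path to ~/.aws/credentials (expanded with os.path.expanduser) and os.environ.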

Most SSO services follow a similar sign-in flow, so for ease, I’ll show you the login flow using the AWS SSO service. I’ve already set the service up in the AWS console and integrated users from an Active Directory setup. After that is complete, I’m going to clear my screen here and then run the command ‘aws configure sso’. The first thing it asks for is the start URL, which your administrator will provide to you. So, I’ll paste in my start URL here. 

And then select the region my AWS SSO is set up in, which is us-east-1. 

Then, I am redirected to a browser that asks me to log in. I’ll log in using my username and password for my Active Directory user. After I’ve successfully logged in, I’ll go back to the terminal. Here, I can see which accounts and roles I have available for me to use, and I just have one role, called ViewOnly, that I can access in one account. I can then start to run commands using this role.

In summary, use the aws configure command to set up your default profile. This command will modify two files: the config and the credentials file. Additionally, you can use SSO services with the AWS CLI to source credentials. That’s it for this one - see you next time!

About the Author

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.

To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.

Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for sharing his knowledge of cloud services with the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.