aws/config vs aws/credentials

9 May 2018
Get it right
aws

There are times when you have multiple AWS access keys and secrets.

Each key can access AWS resources/services, depending on the permissions it has been given.

Ideally those keys only have access to the resources that are needed, nothing more.

However, it might still happen that you are accessing the same services, but for different accounts.

Let's say you are pushing files to an S3 bucket, but instead of pushing to your work/company AWS account, you want to push to your personal one.

So you want to make sure you are passing in the right configurations for the command.

AWS Profile

What you are looking for is AWS profile management. (I made that up, but you get the idea.)

You can have a quick look at your current profiles using this command.

$ cat ~/.aws/config

Well, to save you some typing, here's mine.

[default]
region = ap-southeast-1
output = text

[profile docker-repository]
region = us-west-2

[profile eb-cli]
aws_access_key_id =
aws_secret_access_key =


[profile chinloong]
aws_access_key_id =
aws_secret_access_key =
region = ap-southeast-1

You guessed it right. The default configuration will be used if no profile is specified explicitly.

A new profile can be created by following the pattern you can derive from the file.

[profile staging]

and pass it as an argument in the command as

--profile staging

For example:

I am trying to deploy files to an S3 bucket to use it for static web hosting.

s3-deploy './public/**' --cwd './public/' --profile chinloong --bucket your-bucket-name --deleteRemoved --gzip

The bad news is, it won't work.

You will probably get:

(node:82129) UnhandledPromiseRejectionWarning: Upload error: CredentialsError: Missing credentials in config (CredentialsError: Missing credentials in config

The missing part

$ cat ~/.aws/credentials

Make sure these two configs are there.

aws_access_key_id =
aws_secret_access_key =

Did I mention the profile name?

Before I forget, you can specify the profile name those configs are for. But watch out for the missing profile word.

The full block looks like this. (Instead of [profile staging])

[staging]
aws_access_key_id =
aws_secret_access_key =

You are now good to go!

Explanation

So we have

~/.aws/config

and

~/.aws/credentials

In short, use

~/.aws/credentials for sensitive config like your access key and secret.

~/.aws/config for less sensitive config like region=us-west-2 or max_concurrent_requests=10

Hope that clears up things a bit for you! 😀
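A small checker for the two rules above (the profile prefix belongs only in ~/.aws/config, and keys belong in ~/.aws/credentials), added here as an example and not part of the original post. It assumes every profile uses a static key pair as in this post; audit_profiles, its finding messages and the sample file contents are constructed for illustration.

```python
import configparser

KEY_OPTIONS = {"aws_access_key_id", "aws_secret_access_key"}
# Constructed sample files (placeholder values, not real keys).
SAMPLE_CONFIG = """\
[default]
region = ap-southeast-1
[profile chinloong]
aws_access_key_id = EXAMPLE_KEY_ID
aws_secret_access_key = EXAMPLE_SECRET
[profile staging]
region = us-west-2
"""
SAMPLE_CREDENTIALS = """\
[default]
aws_access_key_id = EXAMPLE_KEY_ID
aws_secret_access_key = EXAMPLE_SECRET
[profile staging]
aws_access_key_id = EXAMPLE_KEY_ID
aws_secret_access_key = EXAMPLE_SECRET
"""

def _sections(text):
    parser = configparser.RawConfigParser()
    parser.read_string(text)
    return {name: dict(parser[name]) for name in parser.sections()}

def audit_profiles(config_text, credentials_text):
    """Return sorted (profile, finding) pairs for the two files."""
    findings, with_keys = [], set()
    for name, opts in _sections(credentials_text).items():
        if name.startswith("profile "):  # right for config, wrong here
            findings.append((name[8:].strip(), "credentials: drop the 'profile ' prefix"))
        elif all(opts.get(k) for k in KEY_OPTIONS):  # empty values count as missing
            with_keys.add(name)
    for name, opts in _sections(config_text).items():
        profile = name[8:].strip() if name.startswith("profile ") else name
        if name != "default" and not name.startswith("profile "):
            findings.append((profile, "config: section needs the 'profile ' prefix"))
        if KEY_OPTIONS & opts.keys():
            findings.append((profile, "config: keys belong in credentials"))
        if profile not in with_keys:  # assumption: profile relies on static keys
            findings.append((profile, "credentials: no key pair for this profile"))
    return sorted(findings)

if __name__ == "__main__":
    for profile, finding in audit_profiles(SAMPLE_CONFIG, SAMPLE_CREDENTIALS):
        print(f"{profile}: {finding}")
```

To check your own setup, pass the contents of ~/.aws/config and ~/.aws/credentials to audit_profiles instead of the samples.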

You can also set the profile as an environment variable.

AWS_PROFILE=staging s3-deploy ...

Full explanation?

Read it here. https://docs.aws.amazon.com/cli/latest/userguide/cli-config-files.html

and here https://docs.aws.amazon.com/cli/latest/topic/config-vars.html