Let's talk Profiles

So many times I look at scripts and see the "Access Key ID" and "Secret access key" hard-coded into them. I wonder if these same people would put their AD credentials in scripts.

Well, I am a little more security conscious than that, so I am really into profiles. AWS profiles let you store your credentials under a user or service account on a Windows-based system. These profiles can then be used with PowerShell to access the AWS resources they have permission to use.

I'll explain a little below; however, if you want to see the official documentation: http://docs.aws.amazon.com/powershell/latest/userguide/specifying-your-aws-credentials.html

Below are the important cmdlets:

  • Set-AWSCredentials
  • Get-AWSCredentials
  • Remove-AWSCredentialProfile

So, let's run through them. A few prerequisites: you need an account that has the proper permissions, along with its "Access Key ID" and "Secret access key". The Windows machine needs the AWS Tools installed. Log in to the Windows machine with the account (service account, etc.) you want to be associated with the profile.

Set-AWSCredentials – Use this to create your profile (it is also used to select a profile, covered at the end)

  • Set-AWSCredentials -AccessKey {Access Key ID} -SecretKey {Secret access key} -StoreAs {default or a specified name} (I prefer a specified name for more control)
  • Example: Set-AWSCredentials -AccessKey "AKIAIOPLKEEIQWD6ELPA" -SecretKey "YKlGq+aY+xW7XUAW+fWoQgdc9A+Gd9s/Hyd" -StoreAs Test_User

Get-AWSCredentials – Use this to see the stored credentials

  • Get-AWSCredentials -ListProfileDetail

Remove-AWSCredentialProfile – Use this to remove stored credentials

  • Remove-AWSCredentialProfile -ProfileName {MyProfileName}
  • Example: Remove-AWSCredentialProfile -ProfileName Test_User

Set-AWSCredentials – Use this to select the profile for your session. You can use a default, either by specifying "default" as the profile name when it was created or by using Initialize-AWSDefaults -ProfileName {Profile} -Region {Region}. However, I believe it is better to select it session by session.

  • Set-AWSCredentials -ProfileName {Profile}
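
To find the scripts described at the top of this post, so they can be switched to a stored profile, here is an added example (not from the original post) that audits a folder for embedded keys. Find-HardCodedAwsKey is a hypothetical helper name, and the demo files and key values are constructed placeholders.

```powershell
# Added example, not from the original post. Find-HardCodedAwsKey is a
# hypothetical helper name; the demo files and key values are constructed.
function Find-HardCodedAwsKey {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path   # folder of scripts to audit
    )
    $rules = [ordered]@{
        # Long-term access key IDs: "AKIA" + 16 upper-case letters/digits.
        AccessKeyId     = '(?-i:\bAKIA[0-9A-Z]{16}\b)'
        # -AccessKey/-SecretKey followed by a quoted literal (straight or
        # curly quotes, hyphen or en dash) rather than a variable.
        LiteralKeyParam = '[-\u2013]\s*(AccessKey|SecretKey)\s+["''\u201C\u201D][A-Za-z0-9+/]'
    }
    $files = Get-ChildItem -Path $Path -Recurse -File -Include *.ps1, *.psm1, *.bat, *.cmd
    foreach ($rule in $rules.Keys) {
        $files | Select-String -Pattern $rules[$rule] | ForEach-Object {
            # Report where the key is, never the key material itself.
            [pscustomobject]@{ Rule = $rule; File = $_.Path; Line = $_.LineNumber }
        }
    }
}

# Constructed demo: one script with embedded keys, one using a stored profile.
$demo = Join-Path ([IO.Path]::GetTempPath()) 'aws-key-audit-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
Set-Content -Path (Join-Path $demo 'bad.ps1') -Value @(
    '# constructed placeholder values, not real credentials'
    'Get-S3Bucket -AccessKey "AKIAEXAMPLEEXAMPLE00" -SecretKey "Constructed/Secret+Placeholder000"'
)
Set-Content -Path (Join-Path $demo 'good.ps1') -Value @(
    'Set-AWSCredentials -ProfileName Test_User'
    'Get-S3Bucket'
)

$findings = @(Find-HardCodedAwsKey -Path $demo)
$findings | Format-Table -AutoSize
if ($findings.Count -gt 0) {
    Write-Warning "$($findings.Count) finding(s): move these scripts to a stored profile."
}
Remove-Item -Path $demo -Recurse -Force
```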