passing access and secret key aws cli

Question

I am trying to embed access and secret key along with aws cli. e.g.

aws ec2 describe-instances --aws-access-key  --aws-secret-key 

        

Answer 1

Summarizing the aws doc, there several ways to pass credentials to the command line. Please note that there are no command line options to pass in the the key and secret key directly. The "provider chain" is used instead.

In my bash scripts, I often use environment variables. To add a tiny bit of security, I source a file containing the variables rather than putting them in the script. With named profiles, it's even easier.

The provider chain is:

1. command line options: specify region, output format, or profile
2. Environment variables: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS_SESSION_TOKEN
3. The AWS credentials file – located at ~/.aws/credentials on Linux, macOS, or Unix, or at C:\Users\USERNAME .aws\credentials on Windows. This file can contain multiple named profiles in addition to a default profile.
4. The CLI configuration file – typically located at ~/.aws/config on Linux, macOS, or Unix, or at C:\Users\USERNAME .aws\config on Windows. This file can contain a default profile, named profiles, and CLI specific configuration parameters for each.
5. Container credentials – provided by Amazon Elastic Container Service on container instances when you assign a role to your task.
6. Instance profile credentials – these credentials can be used on EC2 instances with an assigned instance role, and are delivered through the Amazon EC2 metadata service.