When you create an IAM entity such as an AWS User in the AWS IAM console, you can get credentials for it, the AWS Access Key and Secret Key, for programmatic use. These credentials carry the same permissions as the entity for which they were created.
You can store these credentials on your local machine so that they can be used by multiple apps. Credentials stored locally this way are called AWS Profiles, and you can have more than one.
How to create an AWS Profile
Let’s say you have an IAM User for which you want to create an AWS profile.
- Open the IAM Console.
- In the left side bar, click Users.
- Choose your desired user from the list.
- Under Summary, click the Security Credentials tab.
- Click Create Access Key.
- This will generate a new access and secret key combination for you. Store it in a safe location.
Now create the following 2 files if they don’t already exist. Both live in the ~/.aws folder, which is the location where your AWS credentials are stored.
Create ~/.aws/config and paste the following:

    [profile myawsprofile]
    region=us-west-2
    output=json

The choice of region and output is up to you. There are other options that can be specified here, but for the sake of the post, we just stick to these standard values.
Create ~/.aws/credentials and paste the following:

    [myawsprofile]
    aws_access_key_id=<access_key_of_crosspublisher_account>
    aws_secret_access_key=<secret_key_crosspublisher_account>

Here, provide the access and secret key that you created using the IAM console earlier. This profile can now be used by your AWS-related code to deploy changes to your AWS account.
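As an added example (not part of the original post), this Python script audits the two files described above: it checks that the credentials file is readable only by its owner and that every profile in credentials has both keys and a matching section in config. The function names, the aws_dir parameter and the sample file contents are assumptions made for the illustration.

```python
import configparser
import os
import stat
import tempfile

def audit_profiles(aws_dir):
    """Return findings for the config/credentials pair in aws_dir (assumed layout)."""
    findings = []
    cred_path = os.path.join(aws_dir, "credentials")
    # The credentials file holds long-lived secrets: only the owner should read it.
    mode = stat.S_IMODE(os.stat(cred_path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"credentials is mode {mode:o}; restrict it to 600")

    creds = configparser.ConfigParser(interpolation=None)
    creds.read(cred_path)
    conf = configparser.ConfigParser(interpolation=None)
    conf.read(os.path.join(aws_dir, "config"))
    # config names sections "[profile NAME]" (except "[default]");
    # credentials uses the bare "[NAME]".
    conf_names = {s[len("profile "):].strip() if s.startswith("profile ") else s
                  for s in conf.sections()}
    for name in creds.sections():
        for key in ("aws_access_key_id", "aws_secret_access_key"):
            if not creds.get(name, key, fallback="").strip():
                findings.append(f"[{name}] is missing {key}")
        if name not in conf_names:
            findings.append(f"[{name}] has no matching section in config")
    return findings

def demo():
    """Audit a constructed ~/.aws look-alike, before and after chmod 600."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "config"), "w") as f:
            f.write("[profile myawsprofile]\nregion=us-west-2\noutput=json\n")
        cred_path = os.path.join(d, "credentials")
        with open(cred_path, "w") as f:
            # Constructed placeholder values, not real keys.
            f.write("[myawsprofile]\naws_access_key_id=EXAMPLE-KEY-ID\n"
                    "aws_secret_access_key=EXAMPLE-SECRET\n"
                    "[orphan]\naws_access_key_id=EXAMPLE-KEY-ID-2\n")
        os.chmod(cred_path, 0o644)
        before = audit_profiles(d)
        os.chmod(cred_path, 0o600)
        return before, audit_profiles(d)

if __name__ == "__main__":
    for label, result in zip(("mode 644:", "mode 600:"), demo()):
        print(label, result)
```

To audit your real files, call audit_profiles(os.path.expanduser("~/.aws")).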
One thing to remember is to grant your AWS User sufficient permissions: the permissions that your code is going to require to deploy resources to your AWS account. If your code needs more permissions and your AWS User doesn’t have them, your deployments will fail.