How to configure IAM user on your Linux machine to manage AWS accounts?

Planning to manage your AWS services from your Linux machine?

How to do that? You can manage AWS services such as EC2 instances and S3 buckets from your local machine by configuring awscli with an AWS IAM user that has the proper privileges.

Prerequisite – an IAM user (or users) with the proper privileges to manage the services you want to manage from your machine.

After creating the IAM user with correct privilege, you can configure the awscli on your machine with that IAM user and simply manage services without logging into the AWS console.

How to configure IAM user on awscli?

You can simply configure awscli with IAM user privilege by executing the following command:

aws configure

The aws configure command prompts for four values: the AWS Access Key ID of the IAM user, the AWS Secret Access Key of the IAM user, the default region name and the default output format. See the sample output below:

$ aws configure
AWS Access Key ID [None]: AKIADFDGFGFGFGFGFGAMPLE
AWS Secret Access Key [None]: DiCYEXAMPLEKEYFDFDFDFDFDFDF/FDFDFD
Default region name [None]: us-west-2
Default output format [None]: json

The first two values are mandatory. You can find them in the AWS IAM user section. The steps are below:

1. Open the IAM console.

2. In the navigation pane of the console, choose Users.

3. Choose your IAM user name.

4. Choose the Security credentials tab and then choose Create access key.

5. To see the new access key, choose Show. Your credentials will look something like this:

Access key ID: AKIADFDGFGFGFGFGFGAMPLE
Secret access key: DiCYEXAMPLEKEYFDFDFDFDFDFDF/FDFDFD

Is it possible to configure multiple IAM users on a single Linux machine?

Yes, it's possible. You can configure multiple IAM users on a single Linux machine.

How to configure multiple IAM users on a single Linux machine?

This can be done by running the same "aws configure" command with the --profile option. You can configure many IAM users using the same command. See the sample below:

$ aws configure --profile user2
AWS Access Key ID [None]: AKIADDDDDFFFFXAMPLE
AWS Secret Access Key [None]: je7MSDSDSDS/2Zp9Utk/h3yCo8DMPLEKSDSDEY
Default region name [None]: us-east-1
Default output format [None]: text
$ aws configure --profile user3
AWS Access Key ID [None]: AKDFGEWCDDFFFDGTRE
AWS Secret Access Key [None]: je7MSDFDFGFGDSDS/2FGFGFGtk/h3yCFGFGFGKSDSDEY
Default region name [None]: us-east-1
Default output format [None]: json

How to use a different IAM user profile with an awscli command?

The same --profile option can be used with any awscli command to manage different AWS services. See the example below:

$ aws s3 ls
test1
test2
test3
$ aws s3 ls --profile user2
test4
test5
test6

The first command uses the first IAM profile (the default one) and lists all the S3 buckets associated with that IAM user; the second command lists the buckets of the second IAM user.

Note: We assume those IAM users have permission to access the S3 buckets of different AWS accounts.

How to check all the IAM users configured on your machine?

When you configure an IAM user on your machine, the details will be stored in the following location:

/root/.aws
[root@ip-172-31-53-249 .aws]# ll
total 8
-rw------- 1 root root  90 Feb 14 11:34 config
-rw------- 1 root root 344 Feb 14 11:34 credentials
[root@ip-14-4-44 .aws]# cat config
[default]
region = ap-southeast-1
[profile user2]
region = ap-southeast-1
[profile user3]
[root@ip-172-31-53-249 .aws]# cat credentials 
[default]
aws_access_key_id = AKI1111111RSLOA
aws_secret_access_key = Lf9IJW11111111111KToLTJKToPl
[user2]
aws_access_key_id = AKIA2222222RSLOA
aws_secret_access_key = Lf9IJW+22222222222oLTJKToPl
[user3]
aws_access_key_id = AKIAI33333333DZBA
aws_secret_access_key = FDVawY33333333333M17mvQ2HeX

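The credentials file stores the access key and secret key in plain text; in the listing above it is readable and writable only by its owner (-rw-------).
Try this and explore the AWS command line interface.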
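To review the configured profiles without printing any secret with cat, the script below parses both files, masks the key IDs, and flags loose file permissions and profiles with no default region. It is an added example, not code from the original post; the names audit_aws_dir and demo and the sample file contents are constructed for illustration.

```python
import configparser
import stat
import tempfile
from pathlib import Path

SAMPLE_CONFIG = """[default]
region = ap-southeast-1
[profile user2]
region = ap-southeast-1
[profile user3]
"""  # constructed sample with the same layout as the config file shown above
SAMPLE_CREDENTIALS = """[default]
aws_access_key_id = AKIAEXAMPLE0000000001
aws_secret_access_key = constructed/secret+1
[user2]
aws_access_key_id = AKIAEXAMPLE0000000002
aws_secret_access_key = constructed/secret+2
[user3]
aws_access_key_id = AKIAEXAMPLE0000000003
aws_secret_access_key = constructed/secret+3
"""  # constructed placeholder keys, not real credentials

def audit_aws_dir(aws_dir):
    """Return ({profile: {"key_id", "region"}}, [findings]); secrets are never returned."""
    aws_dir, findings, parsed = Path(aws_dir), [], {}
    for name in ("config", "credentials"):
        mode = stat.S_IMODE((aws_dir / name).stat().st_mode)
        if mode & 0o077:  # any group/other permission bit is set
            findings.append(f"{name}: mode {mode:03o} is accessible beyond the owner")
        parsed[name] = configparser.RawConfigParser()  # Raw: no '%' interpolation
        parsed[name].read(aws_dir / name)
    # config names sections "[profile NAME]" (except "[default]"); credentials uses "[NAME]"
    regions = {s.removeprefix("profile "): parsed["config"].get(s, "region", fallback=None)
               for s in parsed["config"].sections()}
    profiles = {}
    for name in parsed["credentials"].sections():
        key_id = parsed["credentials"].get(name, "aws_access_key_id", fallback="")
        profiles[name] = {"key_id": "****" + key_id[-4:], "region": regions.get(name)}
    findings += [f"{n}: no region in config" for n, p in profiles.items() if p["region"] is None]
    return profiles, findings

def demo(mode=0o600):
    with tempfile.TemporaryDirectory() as d:
        for name, text in (("config", SAMPLE_CONFIG), ("credentials", SAMPLE_CREDENTIALS)):
            (Path(d) / name).write_text(text)
            (Path(d) / name).chmod(mode)
        return audit_aws_dir(d)

if __name__ == "__main__":
    print(demo())
```

To audit a real setup, call audit_aws_dir with the path of the .aws directory (for example /root/.aws, as in the listing above).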

Arunlal Ashok

Cloud Infrastructure / DevOps Engineer. I've been dealing with Linux servers since 2012. I started this blog to share and discuss my ideas.
