58 | | === Read credentials from ~/.aws/credentials === |
59 | | When editing a bookmark, the ''Access Key ID'' is set from the `default` profile in the credentials file located at `~/.aws/credentials`. |
| 58 | === Connecting using AssumeRole from AWS Security Token Service (STS) === |
| 59 | '''Version 6.7.0 or later required''' |
| 60 | Instead of providing Access Key ID and Secret Access Key, authenticate using temporary credentials from AWS Security Token Service (STS) with optional Multi-Factor Authentication (MFA). Refer to [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html Using IAM Roles]. |
| 61 | |
| 62 | ==== Read credentials from ~/.aws/credentials ==== |
| 63 | When editing a bookmark, the ''Access Key ID'' is set from the `default` profile in the credentials file located at `~/.aws/credentials`. You must provide configuration in the standard credentials property file `~/.aws/credentials` from [https://docs.aws.amazon.com/cli/latest/userguide/cli-multiple-profiles.html AWS Command Line Interface]. Configure a bookmark with the `Username` matching the profile name from `~/.aws/credentials`. |
| 64 | |
| 65 | ==== Example configuration ==== |
| 66 | Refer to [https://docs.aws.amazon.com/cli/latest/userguide/cli-roles.html Assuming a Role]. |
| 67 | {{{ |
| 68 | [testuser] |
| 69 | aws_access_key_id=<access key for testuser> |
| 70 | aws_secret_access_key=<secret key for testuser> |
| 71 | [testrole] |
| 72 | role_arn=arn:aws:iam::123456789012:role/testrole |
| 73 | source_profile=testuser |
| 74 | mfa_serial=arn:aws:iam::123456789012:mfa/testuser |
| 75 | }}} |