1. Create an IAM User
- Go to the AWS IAM Console and create a new user.
- Decide whether the user should have console access or not. For most cases, I recommend not granting console access, as IAM Identity Center is better suited for managing console access.
- Assign permissions to the user. If you’re unsure about the permissions required, start with AdministratorAccess and gradually tighten them as needed. This varies by organization, so adjust according to your policies.
2. Generate Access Keys
- After creating the user, you’ll see an option to create an access key.
- Follow the prompts and select CLI access.
- Download the credentials CSV file, which contains the access key and secret key.
3. Configure AWS CLI
Ensure you have the AWS CLI installed and set up. (Follow the AWS CLI installation guide if necessary.)
Open your terminal and do the following:
cd ~/.aws
nano credentials
Add the following entry (replace the placeholders):
[your-profile]
aws_access_key_id = <replace-this>
aws_secret_access_key = <replace-this>
Save the file. Use any text editor you prefer.
Next, run:
aws configure --profile your-profile
Follow the prompts and press Enter for defaults.
4. Set a Default Region (Optional)
If you frequently use a specific AWS region (e.g., ap-southeast-1), you can configure it:
nano config
Add this:
[profile your-profile]
region = ap-southeast-1
Save the file. Now, when you run aws configure, the region will already be pre-filled.
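Steps 3 and 4 can also be done without an editor. The script below is an added example, not part of the original post: it writes both files with owner-only permissions and then checks the result, including the header difference between the two files ([your-profile] in credentials, [profile your-profile] in config). The function names write_profile and check_profile are hypothetical, and the directory is passed in so it can be tried on a scratch directory before ~/.aws.

```shell
#!/usr/bin/env bash
# Added example: steps 3 and 4 without an interactive editor.
# Directory, profile name, key values and region are caller-supplied placeholders.

# write_profile DIR PROFILE KEY_ID SECRET REGION
write_profile() {
    dir=$1 profile=$2 key_id=$3 secret=$4 region=$5
    # Refuse to append a second copy of a section that already exists.
    if grep -qxF "[$profile]" "$dir/credentials" 2>/dev/null; then
        echo "profile '$profile' already exists in $dir/credentials" >&2
        return 1
    fi
    (
        umask 077    # files created below get 0600, the directory 0700
        mkdir -p "$dir" || exit 1
        # credentials: the section header is the bare profile name
        printf '\n[%s]\naws_access_key_id = %s\naws_secret_access_key = %s\n' \
            "$profile" "$key_id" "$secret" >> "$dir/credentials" || exit 1
        # config: the section header is "profile <name>"
        printf '\n[profile %s]\nregion = %s\n' "$profile" "$region" >> "$dir/config"
    ) || return 1
    # Tighten files that already existed with looser permissions.
    chmod 600 "$dir/credentials" "$dir/config"
}

# check_profile DIR PROFILE: succeeds only if both files define the profile
# and neither file grants any permission to group or others.
check_profile() {
    dir=$1 profile=$2
    grep -qxF "[$profile]" "$dir/credentials" 2>/dev/null || return 1
    grep -qxF "[profile $profile]" "$dir/config" 2>/dev/null || return 1
    for f in "$dir/credentials" "$dir/config"; do
        [ "$(ls -ld "$f" | cut -c1-10)" = "-rw-------" ] || return 1
    done
}

# Example call, with the values from the downloaded CSV in place of the placeholders:
#   write_profile "$HOME/.aws" your-profile '<replace-this>' '<replace-this>' ap-southeast-1
#   check_profile "$HOME/.aws" your-profile && echo "profile ready"
```
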
Bonus: Is This Recommended?
Not really. Avoid using IAM users unless you have a very compelling reason. Most organizations, especially those in regulated environments like government clouds, discourage their use.
Instead:
- Check if CloudShell fulfills your needs.
- If CloudShell isn’t sufficient, consider using a jumphost instance within AWS.
IAM users are better suited for local development by development teams and should generally be avoided for operations tasks.