Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Identity and Access Management for AWS ParallelCluster - AWS ParallelCluster

Identity and Access Management for AWS ParallelCluster

AWS ParallelCluster uses roles to access your AWS resources and their services. The instance and user policies that AWS ParallelCluster uses to grant permissions are documented at AWS Identity and Access Management permissions in AWS ParallelCluster.

The only major difference is how you authenticate when using a standard user and long-term credentials. Although an user requires a password to access an AWS service's console, that same user requires an access key pair to perform the same operations using AWS ParallelCluster. All other short-term credentials are used in the same way they are used with the console.

The credentials used by AWS ParallelCluster are stored in plaintext files and are not encrypted.

  • The $HOME/.aws/credentials file stores long-term credentials required to access your AWS resources. These include your access key ID and secret access key.

  • Short-term credentials, such as those for roles that you assume, or that are for AWS IAM Identity Center services, are also stored in the $HOME/.aws/cli/cache and $HOME/.aws/sso/cache folders, respectively.

Mitigation of Risk

  • We strongly recommend that you configure your file system permissions on the $HOME/.aws folder and its child folders and files to restrict access to only authorized users.

  • Use roles with temporary credentials wherever possible to reduce the opportunity for damage if the credentials are compromised. Use long-term credentials only to request and refresh short-term role credentials.

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.