Authenticate using short-term credentials - AWS SDKs and Tools

Authenticate using short-term credentials

We recommend configuring your SDK or tool to use IAM Identity Center authentication with extended session duration options. However, you can copy and use temporary credentials that are available in the AWS access portal. New credentials will need to be copied when these expire. You can use the temporary credentials in a profile or use them as values for system properties and environment variables.

Set up a credentials file using short-term credentials retrieved from AWS access portal

  1. Create a shared credentials file.

  2. In the credentials file, paste the following placeholder text until you paste in working temporary credentials.

    [default]
aws_access_key_id=<value from AWS access portal>
aws_secret_access_key=<value from AWS access portal>
aws_session_token=<value from AWS access portal>

  3. Save the file. The file ~/.aws/credentials should now exist on your local development system. This file contains the [default] profile that the SDK or tool uses if a specific named profile is not specified.

  4. Sign in to the AWS access portal.

  5. Follow these instructions for Manual credential refresh to copy IAM role credentials from the AWS access portal.

    1. For step 4 in the linked instructions, choose the IAM role name that grants access for your development needs. This role typically has a name like PowerUserAccess or Developer.

    2. For step 7 in the linked instructions, select the Manually add a profile to your AWS credentials file option and copy the contents.

  6. Paste the copied credentials into your local credentials file. The generated profile name is not needed if you are using the default profile. Your file should resemble the following.

    [default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
aws_session_token=IQoJb3JpZ2luX2IQoJb3JpZ2luX2IQoJb3JpZ2luX2IQoJb3JpZ2luX2IQoJb3JpZVERYLONGSTRINGEXAMPLE

  7. Save the credentials file.

When the SDK creates a service client, it will access these temporary credentials and use them for each request. The settings for the IAM role chosen in step 5a determine how long the temporary credentials are valid. The maximum duration is twelve hours.

After the temporary credentials expire, repeat steps 4 through 7.