AWS IAM credentials - AWS Toolkit for VS Code

AWS IAM credentials

AWS IAM credentials authenticate with your AWS account through locally stored access keys.

The following sections describe how to set up IAM credentials to authenticate with your AWS account from the AWS Toolkit for Visual Studio Code.

Important

Before setting up IAM credentials to authenticate with your AWS account, note that:

  • If you've already set IAM credentials through another AWS service (such as the AWS CLI), then the AWS Toolkit for Visual Studio Code automatically detects those credentials and makes them available in VS Code.

  • AWS recommends using IAM Identity Center authentication. For additional information about AWS IAM best practices, see the Security best practices in IAM section of the AWS Identity and Access Management User Guide.

  • To avoid security risks, don't use IAM users for authentication when developing purpose-built software or working with real data. Instead, use federation with an identity provider such as IAM Identity Center. For details, see What is IAM Identity Center? in the AWS IAM Identity Center User Guide.

Creating an IAM user

Before you can set up the AWS Toolkit for Visual Studio Code to authenticate with your AWS account, you need to complete Step 1: Create your IAM user and Step 2: Get your access keys in the Authenticate using long-term credentials topic in the AWS SDKs and Tools Reference Guide.

Note

Step 3: Update the shared credentials file in the AWS SDKs and Tools Reference Guide is optional.

If you complete Step 3, the AWS Toolkit for Visual Studio Code automatically detects your credentials during the Creating a shared credentials file from the AWS Toolkit for Visual Studio Code procedure below.

If you haven't completed Step 3, the AWS Toolkit for Visual Studio Code walks you through the process of creating a credentials file, as described in the Creating a shared credentials file from the AWS Toolkit for Visual Studio Code procedure below.

Creating a shared credentials file from the AWS Toolkit for Visual Studio Code

Your shared config file and shared credentials file store configuration and credential information for your AWS accounts. For more information about shared configuration and credentials, see the Where are configuration settings stored? section in the AWS Command Line Interface User Guide.

Creating a shared credentials file through the AWS Toolkit for Visual Studio Code
  1. From VS Code, open the Command Palette by pressing Shift+Command+P (Ctrl+Shift+P on Windows), enter AWS: Add a New Connection into the search field, then select it to open the Connect to AWS new connection user interface (UI).

  2. From the Connect to AWS new connection UI, choose AWS Explorer: View, modify, and deploy AWS Resources.

  3. From the AWS Explorer: View, modify, and deploy AWS Resources view, expand Or add IAM User Credentials.

  4. From the IAM Credentials form, enter your Profile Name, Access Key, and Secret Key, then choose Add profile to add the information to your credentials file.

  5. The Visual Studio Code Explorer updates with your AWS account resources when the Toolkit is connected to your AWS account.

Note

In this example, assume that [Profile_Name] contains syntax errors and causes authentication to fail.

    [Profile_Name]
    xaws_access_key_id= AKIAI44QH8DHBEXAMPLE
    xaws_secret_access_key= wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

The following is an example of a log message that's generated in response to a failed authentication attempt.

    2022-11-02 22:01:54 [ERROR]: Profile [Profile_Name] is not a valid Credential Profile: not supported by the Toolkit
    2022-11-02 22:01:54 [WARN]: Shared Credentials Profile [Profile_Name] is not valid. It will not be used by the toolkit.
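A pre-check for the kind of profile error shown in the note above, written as an added example; it is not the Toolkit's own validation logic. It assumes every profile is meant to hold a static access key pair, and the function name `check_profiles` is hypothetical.

```python
import configparser
import difflib

REQUIRED = ("aws_access_key_id", "aws_secret_access_key")

# Constructed sample: the broken profile from the note above, plus a valid one.
SAMPLE = """\
[Profile_Name]
xaws_access_key_id= AKIAI44QH8DHBEXAMPLE
xaws_secret_access_key= wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

[Profile2_Name]
aws_access_key_id = AKIAI44QH8DHBEXAMPLE
aws_secret_access_key = je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY
"""


def check_profiles(text):
    """Return {profile: [problems]} for profiles without a usable key pair.

    Assumption: every profile is meant to hold static access keys.
    Only setting names are reported, never the key values themselves.
    """
    parser = configparser.RawConfigParser()  # no interpolation: '%' in secrets is safe
    parser.read_string(text)
    findings = {}
    for name in parser.sections():
        keys = parser.options(name)
        problems = []
        for req in REQUIRED:
            if req not in keys:
                # A near-miss name such as 'xaws_access_key_id' is likely a typo.
                near = difflib.get_close_matches(req, keys, n=1, cutoff=0.8)
                hint = f" (found '{near[0]}', likely a typo)" if near else ""
                problems.append(f"missing {req}{hint}")
            elif not parser.get(name, req).strip():
                problems.append(f"{req} is empty")
        if problems:
            findings[name] = problems
    return findings


if __name__ == "__main__":
    for profile, problems in check_profiles(SAMPLE).items():
        print(f"[{profile}] " + "; ".join(problems))
```

To check a real file, pass its contents to `check_profiles`; the shared credentials file is normally at `~/.aws/credentials`.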

Add additional credential profiles

You can add multiple credentials to your configuration files. To do so, open the Command Palette and choose AWS Toolkit Create Credentials Profile. This will open the credentials file. On this page, you can add a new profile below your first profile, as shown in the following example:

    # Amazon Web Services Credentials File used by AWS CLI, SDKs, and tools
    # This file was created by the AWS Toolkit for Visual Studio Code extension.
    #
    # Your AWS credentials are represented by access keys associated with IAM users.
    # For information about how to create and manage AWS access keys for a user, see:
    # https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html
    #
    # This credential file can store multiple access keys by placing each one in a
    # named "profile". For information about how to change the access keys in a
    # profile or to add a new profile with a different access key, see:
    # https://docs.aws.amazon.com/cli/latest/userguide/cli-config-files.html
    #
    [Profile1_Name]
    # The access key and secret key pair identify your account and grant access to AWS.
    aws_access_key_id = AKIAIOSFODNN7EXAMPLE
    # Treat your secret key like a password. Never share your secret key with anyone. Do
    # not post it in online forums, or store it in a source control system. If your secret
    # key is ever disclosed, immediately use IAM to delete the access key and secret key
    # and create a new key pair. Then, update this file with the replacement key details.
    aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

    [Profile2_Name]
    aws_access_key_id = AKIAI44QH8DHBEXAMPLE
    aws_secret_access_key = je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY