Setting up the AWS Toolkit for Azure DevOps - AWS Toolkit for Microsoft Azure DevOps

Setting up the AWS Toolkit for Azure DevOps

To use the AWS Toolkit for Azure DevOps to access AWS, you need an AWS account and AWS credentials. When build agents run the tasks contained in the tools, the tasks must be configured with, or have access to, those AWS credentials to enable them to call AWS service APIs. To increase the security of your AWS account, we recommend that you do not use your root account credentials. You should create an IAM user to provide access credentials to the tasks running in the build agent processes.

Sign up for AWS

If you do not have an AWS account, complete the following steps to create one.

To sign up for an AWS account
  1. Open https://portal.aws.amazon.com/billing/signup.

  2. Follow the online instructions.

    Part of the sign-up procedure involves receiving a phone call and entering a verification code on the phone keypad.

    When you sign up for an AWS account, an AWS account root user is created. The root user has access to all AWS services and resources in the account. As a security best practice, assign administrative access to an administrative user, and use only the root user to perform tasks that require root user access.

Create an IAM user

To create an administrator user, choose one of the following options.

Choose one way to manage your administrator To By You can also
In IAM Identity Center

(Recommended)

Use short-term credentials to access AWS.

This aligns with the security best practices. For information about best practices, see Security best practices in IAM in the IAM User Guide.

Following the instructions in Getting started in the AWS IAM Identity Center (successor to AWS Single Sign-On) User Guide. Configure programmatic access by Configuring the AWS CLI to use AWS IAM Identity Center (successor to AWS Single Sign-On) in the AWS Command Line Interface User Guide.
In IAM

(Not recommended)

Use long-term credentials to access AWS. Following the instructions in Creating your first IAM admin user and user group in the IAM User Guide. Configure programmatic access by Managing access keys for IAM users in the IAM User Guide.

Create an IAM user and download its credentials

After you've created an IAM user, copy its credentials. To use the AWS Toolkit for Azure DevOps, you must have a set of valid AWS credentials, which consist of an access key and a secret key. These keys are used to sign programmatic web service requests and enable AWS to verify that the request comes from an authorized source.

Warning

Do not copy your root account credentials for use with AWS Toolkit for Azure DevOps.