7

I'm trying to use AWS Tools from Powershell, but I don't know how to log in. So when I run a command I naturally get this error:

No credentials specified or obtained from persisted/shell defaults.

How do I login? I read the article at https://docs.aws.amazon.com/powershell/latest/userguide/specifying-your-aws-credentials.html, but it talks about public and private keys. I don't have those, I login to AWS from the web interface with my username and password (and also a token sent to my phone because I have MFA enabled).

Also, my user isn't allowed to create IAM users (it's a company policy and I can't override it).

sashoalm
  • 75,001
  • 122
  • 434
  • 781

1 Answers1

15

If your IAM user account doesn't already have Access and Secret Keys you'll need to create them here.

http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html#Using_CreateAccessKey

Then create a profile

Writes a new (or updates existing) profile with name "myProfileName" in the encrypted SDK store file

Set-AWSCredential -AccessKey akey -SecretKey skey -StoreAs myProfileName

Checks the encrypted SDK credential store for the profile and then falls back to the shared credentials file in the default location

Set-AWSCredential -ProfileName myProfileName
strongjz
  • 4,271
  • 1
  • 17
  • 27
  • I don't have an IAM user account and I can't create one. My user account doesn't have permissions for that. – sashoalm Sep 01 '17 at 13:47
  • How do you log into the aws console then? If you want to use the cli you'll need credentials, you'll have to request them from whoever manages your AWS users. – strongjz Sep 01 '17 at 13:50
  • It's described in my question - the next to last paragraph. I login from the browser, I'm asked about my username and password, and I get an authentication token on my phone. Then I'm logged into AWS management console - in the web browser. My account doesn't have permission to create IAM users. – sashoalm Sep 01 '17 at 13:56
  • I see that now. Back to my previous comment, you'll need to ask to get access and secret keys for your account, to use the cli. – strongjz Sep 01 '17 at 13:59
  • 2
    Indeed it's not possible to do a classic username password authentication, even with TFA, for a program. The access and secret keys are actually more secure because they can be easily revoked. If your organization doesn't want to create for your profile then considering creating a set that works only for scripting. Those credentials can be circulated per day if security is of big concern. – Alex Sarafian Sep 01 '17 at 19:53
  • You can set up STS, those credentials are only good for maximum of an hour. – strongjz Sep 01 '17 at 20:27
  • @strongjz thank you, this was the solution I needed after a full hour of googling! – DeanAttali Feb 16 '20 at 06:30