I understand the AWS CLI can make use of the config and credentials files for storing it's local profile configurations.
Does anyone know of any general guidance and or best practice with regards to what should go in each file?
Asked
Active
Viewed 1.1k times
39
PicoutputCls
- 1,392
- 1
- 12
- 24
1 Answers
40
The AWS documentation which covers the two files can be found under Configuration and Credential Files in the AWS CLI documentation.
To summarise:
- The two files are distinct in order to enable the separation of credentials from less sensitive configuration information.
- The
credentialsfile is intended for storing just credential information for the configured profiles. (Currently limited to:aws_access_key_id,aws_secret_access_keyandaws_session_token) - The
configfile is intended for storing non-sensitive configuration options for the configured profiles. - The
configfile can also be configured to contain any information which could also be stored in thecredentialsfile. - In the case of conflicting credential information being specified for a profile in the
configandcredentialsfile, those in thecredentialsfile will take precedence.
PicoutputCls
- 1,392
- 1
- 12
- 24
-
1Bullet 2 is potentially misleading: region and output are stored in the config file (alone), not the credentials file. – jarmod Nov 03 '17 at 13:45
-
@jarmod You are correct. I misunderstood the AWS documentation linked in my answer. I have edited my answer to remove those entries. – PicoutputCls Nov 03 '17 at 14:52