After so many years I want to change the access key and access pass of my AWS IAM user. To see where all my keys are used I have run a few commands on my Linux box and found ./root/.aws/credentials and /root/.aws/s3.fg file apart from the application. I can update s3.cfg with the s3cmd configure command. I want to update the AWS credentials file without CLI installation on all my instances. Can anyone suggest a script where I can fetch my creds stored in secretsmanager?
You should not normally need to store credentials on Amazon EC2 instances. The recommended method is to assign an **IAM Role** to the instance. This will automatically supply credentials that will be used by the AWS SDK, rather than needing a credentials file. – John Rotenstein Mar 14 '20 at 07:40
I can only second John's comment. It's not a good idea to store access keys/secrets on EC2 instances. You need to use EC2 instance roles instead. All your AWS SDK clients like Boto would be able to use these credentials out of the box. – Anton Mar 31 '20 at 14:58
1 Answer
The `credentials` file is just a text file with two keys in it.
Go to the AWS console and in your user access settings you can reset your keys. AWS will show you a one-time popup with the keys; copy them or download them, then put those keys into the credentials file.
If you're on Linux, and probably Mac as well, go to `/home/myuser/.aws/credentials`. Open up `credentials` and paste the keys into it in the same format as the ones before. I'm not on my computer right now so can't show you the format exactly.
Note the `.aws` folder is hidden by default so you might have to do this in your terminal. Open up the terminal and put the following

```
cd ~/.aws
```

That should put you inside the hidden folder. Then do...

```
vim credentials
```

That'll open up the file with the vim text editor. You can press `i` to go into insert mode and make changes to the file, then if you've got your keys copied to the clipboard, press `ctrl-r +` to paste them in.
Finally press escape then `:wq` to close and save the file.

Hi, thanks for the answer, but I have around 100s of instances and credentials are supposed to be retrieved from secretsmanager. So I reuse the script to run from session manager run command across all instances – Bandari Hema Mar 14 '20 at 06:30
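
A script of the kind asked for, written here as an added example (it is not from the answer or the comments above): it reads the new key pair from Secrets Manager with boto3 and rewrites only the profiles in a credentials file that still carry the old access key ID, replacing the file atomically with mode 0600. Assumptions: boto3 is installed and the instance has an IAM role allowed to read the secret, the secret is a JSON object with the keys `aws_access_key_id` and `aws_secret_access_key`, and the function names are hypothetical.

```python
import configparser
import json
import os
import tempfile


def fetch_secret_string(secret_id):
    """Read the secret via boto3, which picks up the instance role's credentials."""
    import boto3  # imported lazily so the file logic below works without it
    client = boto3.client("secretsmanager")
    return client.get_secret_value(SecretId=secret_id)["SecretString"]


def rotate_credentials_file(path, secret_string, old_key_id):
    """Swap old_key_id for the new pair in every profile that uses it.

    Returns the names of the profiles that were rewritten.
    """
    new = json.loads(secret_string)  # assumed JSON layout, see the lead-in
    cfg = configparser.RawConfigParser()  # Raw: no % interpolation of secrets
    cfg.read(path)
    updated = []
    for profile in cfg.sections():
        if cfg.get(profile, "aws_access_key_id", fallback=None) == old_key_id:
            cfg.set(profile, "aws_access_key_id", new["aws_access_key_id"])
            cfg.set(profile, "aws_secret_access_key", new["aws_secret_access_key"])
            updated.append(profile)
    if not updated:
        return updated  # old key not present here: leave the file untouched
    # Write a sibling temp file (mkstemp creates it 0600) and rename it over
    # the original, so no reader sees a half-written or world-readable file.
    # Note: configparser drops comments that were in the original file.
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".credentials.")
    try:
        with os.fdopen(fd, "w") as fh:
            cfg.write(fh)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
    return updated


if __name__ == "__main__":
    import sys
    # usage: rotate.py <secret-id> <old-access-key-id> [credentials-path]
    target = sys.argv[3] if len(sys.argv) > 3 else os.path.expanduser("~/.aws/credentials")
    print(rotate_credentials_file(target, fetch_secret_string(sys.argv[1]), sys.argv[2]))
```

Because it matches on the old access key ID, the same script can be sent to every instance through Run Command and will leave files that never held that key unchanged.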