Getting AWS Credentials
NB. This page is relevant to Ministry of Justice employees. External collaborators should review Working as a Collaborator
You can obtain temporary AWS credentials to use the AWS CLI or other command line tools. This is required as the use of long-lived access keys is not supported.
To have access to your AWS credentials you will need to be a member of the GitHub team specified when the environment was created
Note - you do not need to obtain AWS credentials to deploy infrastructure, this is done via GitHub Workflows (see deploying your infrastructure).
If you need credentials to make an application deployment, a CI user is created as part of the initial account set up, see here for obtaining the credentials for that user.
-
If using the AWS CLI, follow the instructions set out in this guide
-
The following covers the steps to obtain short-lived access key & secret needed to connect to an account.
-
Select the account you wish to access programmatically
-
Against the role that you wish to use, select
Access Keys. -
In the pop-up window, select the operating system tab that best matches the device you are using.
-
Under
Option 1, copy the AWS Environment Variables using the copy feature to the right of the variables, then paste these into the terminal. -
The AWS CLI options will now be available to use using the role and the correct profile set up in 1 above. For using the short-lived credentials with terraform, there is no requirement to set up the CLI profile.
-
As these credentials are short-lived, it will be necessary to refresh them periodically. To do so, repeat the steps above & paste the new key variables into the terminal.
This AWS guide provides further information how to use the short-lived credentials from Identity Centre with the CLI.
Was this page useful?