Passing in access and secret keys through AWS CLI

Question

Due to certain enterprise limitations, I'm only able to access AWS through the command line, and I cannot set environment variables. I was wondering if there is any way to pass in my keys with the command in a manner like this:

aws s3 cp <file> s3://testbucket --aws-access-key <accesskey> --aws-secret-key <secretkey>

I noticed that this question is fairly similar, although it seems that the answers are either not applicable to my situation or referencing the ec2din command, which I could not translate into copying files to s3. I just get the response Unknown options: --aws-access-key,--aws-secret-key .

Answer 1

Try this:

AWS_ACCESS_KEY_ID=AAAA AWS_SECRET_ACCESS_KEY=BBB aws s3 cp <file> s3://testbucket

This will set the keys for this command only. If you need the keys for the session, export them like below:

export AWS_ACCESS_KEY_ID=AAAA ; export AWS_SECRET_ACCESS_KEY=BBB ; aws s3 cp <file> s3://testbucket

Answer 2

Are you allowed to save the AK/SK to a file? (very much like an SSH private key would be saved in ~/.ssh/id_rsa for example)

If so, you can run the command aws configure , which will prompt for your AK and SK (plus default region and default output format). The credentials will be saved to ~/.aws/credentials, and the region and output (if you chose to specify them) will be saved to ~/.aws/config.

If you are not allowed to write your credentials to a file, be careful with commands passing credentials through the command like - those credentials might get into a "command history" file! In some shells, you can configure so that adding a space in front of a command will prevent it from being written into the history file.

Answer 3

add environmental variables in the project https://circleci.com/docs/2.0/env-vars/

screen:

And then configure config .circleci/config.yml :

# deploy to aws s3
  deploy:
    docker: 
      - image: cibuilds/aws:1.15.73
    environment:
      aws_access_key_id: $AWS_ACCESS_KEY_ID
      aws_secret_access_key: $AWS_SECRET_ACCESS_KEY
    steps:
      - attach_workspace:
          at: ./workspace
      - run: 
          name: Deploy to S3 if tests pass and branch is develop
          command: aws s3 sync workspace/public s3://your.bucket/ --delete

Answer 4

You can pass keys within aws configure itself, below is an example:

aws configure set aws_access_key_id <accessKeyID>
aws configure set aws_secret_access_key <secretAccessKey>

then run your command:

aws <command> help
aws <command> <subcommand> help

If you want to have all of them in one line:

aws configure set aws_access_key_id "xxx" && \
aws configure set aws_secret_access_key "yyy" && \
aws s3 ls