Skip to content

Latest commit

 

History

History
155 lines (111 loc) · 4.64 KB

set-aws-environment-variables.md

File metadata and controls

155 lines (111 loc) · 4.64 KB

How to set AWS environment variables

Amazon Web Services (AWS) command-line interface (CLI) supports specific environment variables. These environment variables are listed at Environment variables to configure the AWS CLI

In python scripts using the AWS boto3 library, there is a list of environment variables that are used by the library.

If using AWS_SESSION_TOKEN, a session will need to be created and environment variable values will need to use the session information.

AWS Session

Create AWS session credentials

  1. Get session information from AWS and place into ~/aws-sts-get-session-token.json file. Example:

    aws sts get-session-token \
  > ~/aws-sts-get-session-token.json

Create AWS MFA session credentials

  1. ✏️ Identify the AWS multi-factor authentication serial number for the device supplying the MFA token. Registered devices can be found at AWS My security credentials Example:

    export AWS_MFA_SERIAL_NUMBER="arn:aws:iam::nnnnnnnnnnnn:mfa/xxxxxxxx"

    If defined in ~/.aws/config, run:

    export AWS_MFA_SERIAL_NUMBER=$(aws configure get default.mfa_serial)

  2. ✏️ Get MFA token from the device supplying the MFA token. It is usually a 6-digit number. Note: This token is short lived; perhaps only one minute duration. So the step performed after this step must be performed immediately afterwards to use a valid token value. Example:

    export AWS_MFA_TOKEN_CODE=nnnnnn

  3. Get session information from AWS and place into ~/aws-sts-get-session-token.json file. Example:

    aws sts get-session-token \
  --serial-number ${AWS_MFA_SERIAL_NUMBER} \
  --token-code ${AWS_MFA_TOKEN_CODE} \
  > ~/aws-sts-get-session-token.json

AWS environment variables

AWS_ACCESS_KEY_ID

  1. Pull information from ~/.aws/credentials Example:

    export AWS_ACCESS_KEY_ID=$(aws configure get default.aws_access_key_id)

  2. For a session, pull information from ~/aws-sts-get-session-token.json, a file created in the AWS Session section. Example:

    export AWS_ACCESS_KEY_ID=$(jq --raw-output ".Credentials.AccessKeyId" ~/aws-sts-get-session-token.json)

  3. References:

    1. Usage

AWS_DEFAULT_REGION

  1. Pull information from ~/.aws/config Example:

    export AWS_DEFAULT_REGION=$(aws configure get default.region)

  2. References:

    1. Usage

AWS_SECRET_ACCESS_KEY

  1. Pull information from ~/.aws/credentials Example:

    export AWS_SECRET_ACCESS_KEY=$(aws configure get default.aws_secret_access_key)

  2. For a session, pull information from ~/aws-sts-get-session-token.json, a file created in the AWS Session section. Example:

    export AWS_SECRET_ACCESS_KEY=$(jq --raw-output ".Credentials.SecretAccessKey" ~/aws-sts-get-session-token.json)

  3. References:

    1. Usage

AWS_SESSION_TOKEN

  1. For a session, pull information from ~/aws-sts-get-session-token.json, a file created in the AWS Session section. Example:

    export AWS_SESSION_TOKEN=$(jq --raw-output ".Credentials.SessionToken" ~/aws-sts-get-session-token.json)

  2. References:

    1. Usage

Non-AWS environment variables

AWS_MFA_SERIAL_NUMBER

  1. Pull information from ~/.aws/config Example:

    export AWS_MFA_SERIAL_NUMBER=$(aws configure get default.mfa_serial)

AWS_MFA_TOKEN_CODE

  1. ✏️ Get MFA token from the device supplying the MFA token. Note: This token is short lived; perhaps only one minute duration. So the step performed after this step must be performed immediately afterwards to use a valid token value. Example:

    export AWS_MFA_TOKEN_CODE=nnnnnn