us-east-1
sts:GetSessionToken
to get temporary credentials.aws configure
--dry-run
flag lets us dry run AWS CLI commandsaws sts decode-authorization-message --encoded-message <encoded-message>
- Decode encoded authorization message. Need permission sts:DecodeAuthorizationMessage
to be able to run the above command.Allows us to use multiple AWS accounts using the CLI.
Configure AWS CLI with a profile info - aws configure --profile <profile-name>
Specify a profile in AWS command using --profile <profile-name>
otherwise the default
profile will be used.
The credentials for different profiles are stored at ~/.aws/credentials
[default]
aws_access_key_id = ASIAW4X6ZFPB74QH6E64
aws_secret_access_key = egwe43h45jhw5jwhaergergeh5w
AWS_SESSION_TOKEN = asdfadsfadcaeghwerbweh43tq4twgrbg4hqgev4weagh43q
[dev]
aws_access_key_id = ASIAW4X6ZFPB74QH6E64
aws_secret_access_key = egwe43h45jhw5jwhaergergeh5w
AWS_SESSION_TOKEN = asdfadsfadcaeghwerbweh43tq4twgrbg4hqgev4weagh43q
The config for different profiles are stored at ~/.aws/config
[default]
region = us-east-1
[dev]
region = us-west-1
Describelnstances
on EC2 → 100 calls per secondsGetObject
on S3 → 5500 GET per second per prefix