Skip to main content

Getting AWS Credentials

NB. This page is relevant to Ministry of Justice employees. External collaborators should review Working as a Collaborator

You can obtain temporary AWS credentials to use the AWS CLI or other command line tools. This is required as the use of long-lived access keys is not supported.

To have access to your AWS credentials you will need to be a member of the GitHub team specified when the environment was created

Note - you do not need to obtain AWS credentials to deploy infrastructure, this is done via GitHub Workflows (see deploying your infrastructure).

If you need credentials to make an application deployment, a CI user is created as part of the initial account set up, see here for obtaining the credentials for that user.

  1. If using the AWS CLI, follow the instructions set out in this guide

  2. The following covers the steps to obtain short-lived access key & secret needed to connect to an account.

  • Log in to the AWS Console

  • Select the account you wish to access programmatically

  • Against the role that you wish to use, select Access Keys.

  • In the pop-up window, select the operating system tab that best matches the device you are using.

  • Under Option 1, copy the AWS Environment Variables using the copy feature to the right of the variables, then paste these into the terminal.

  • The AWS CLI options will now be available to use using the role and the correct profile set up in 1 above. For using the short-lived credentials with terraform, there is no requirement to set up the CLI profile.

  • As these credentials are short-lived, it will be necessary to refresh them periodically. To do so, repeat the steps above & paste the new key variables into the terminal.

This AWS guide provides further information how to use the short-lived credentials from Identity Centre with the CLI.

This page was last reviewed on 21 February 2025. It needs to be reviewed again on 21 August 2025 by the page owner #modernisation-platform .