Getting AWS Credentials
NB. This page is relevant to Ministry of Justice employees. External collaborators should review Working as a Collaborator
You can obtain temporary AWS credentials to use the AWS CLI or other command line tools. This is required as the use of long-lived access keys is not supported.
To have access to your AWS credentials you will need to be a member of the GitHub team specified when the environment was created
Note - you do not need to obtain AWS credentials to deploy infrastructure, this is done via GitHub Workflows (see deploying your infrastructure).
If you need credentials to make an application deployment, a CI user is created as part of the initial account set up, see here for obtaining the credentials for that user.
If using the AWS CLI, follow the instructions set out in this guide
The following covers the steps to obtain short-lived access key & secret needed to connect to an account.
Select the account you wish to access programmatically
Against the role that you wish to use, select
Access Keys
.In the pop-up window, select the operating system tab that best matches the device you are using.
Under
Option 1
, copy the AWS Environment Variables using the copy feature to the right of the variables, then paste these into the terminal.The AWS CLI options will now be available to use using the role and the correct profile set up in 1 above. For using the short-lived credentials with terraform, there is no requirement to set up the CLI profile.
As these credentials are short-lived, it will be necessary to refresh them periodically. To do so, repeat the steps above & paste the new key variables into the terminal.
This AWS guide provides further information how to use the short-lived credentials from Identity Centre with the CLI.