Main Points

  • Credentials are required to interact with AWS.

  • Credentials are associated with IAM principals like IAM users and IAM roles.

  • AWS credentials consist of at least two strings, the:

    • Access key ID, and
    • Secret access key
  • Optionally, credentials may include a third string, the session token.

Nearly all AWS services present secure HTTPS based APIs that require authentication using HMAC signatures calculated with an algorithm called Signature Version 4. You should rarely if ever have to use Signature Version 4 directly, because the AWS command line interface (CLI) and AWS Software Development Kit (SDK) perform it for you. You need only provide credentials in your environment.

When we speak of credentials in the context of using AWS services, we’re referring to a pair of strings called an access key ID and secret access key. These credentials are associated with an IAM principal like an IAM user or IAM role.

Here are what credentials look like:


Temporary Credentials

It is also possible to use credentials that permit temporary access. These credentials have a third value, a session token, that is included along with the access key ID and secret access key, which looks like this: