Jeff Bezos may have tripled his fortunes in the last couple of months by price gouging hand sanitiser and bog roll during lockdown with 1000% markup, but some aspects of the empire are less well-functioning. Getting an install of the AWS CLI and AWSSDK.NET working on a new machine is one of those less stellar areas. As there is no acceptable documentation I shall write the process down now so that I can at least aid my memory for the next time.
Start at the beginning
- Install the V2 CLI on your local computer. Google it, the links will surely change.
- Go to https://console.aws.amazon.com/iam and create new credentials for a user that has the least privilege you can get away with.
- Add the credentials in a file called credentials, like so: ~/.aws/credentials
- Add config in a file called ~/.aws/config and specify your favourite output format and region per profile.
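- In your friendly neighbourhood PowerShell window, type
SETX AWS_PROFILE my-awesome-profile
in order to assign a default profile. SETX stores the variable for future sessions, so open a new window before expecting it to take effect.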
For people without imagination I’ll show examples of what the files should look like. Let’s hope I have remembered to recycle these credentials.
    [default]
    aws_access_key_id = AWHERESAFAK3K3YNAME
    aws_secret_access_key = FKJqKj23kfj23kjl23l4j2f3l4jl2Kkl

    [local-excellent-profile]
    aws_access_key_id = AN0THERFAK3K3YNAME
    aws_secret_access_key = FKJ/e34fegf4ER24Efj23kjl23l4j2f3l4jl2Kkl
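Here is an example of the config file. Note that non-default sections here carry a "profile " prefix, which the credentials file does not use:

    [default]
    output = json
    region = eu-west-2

    [profile local-excellent-profile]
    output = text
    region = eu-west-2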
Those are the steps. Feel free to validate your credentials by issuing aws cli commands, perhaps specifying --profile in order to select a different profile than your default one. Unless you failed to copy the access key correctly you should find that things are ticking along nicely and that you can access precisely the resources you’re supposed to be able to access.
Tangents, everybody loves a good tangent
So – at some point it came to pass that the way I used to fetch IdS signing certificates from AWS became a thought crime, so I had to change the way I do it, by adding an additional parameter, essentially making the overload I’m calling to load up a PFX into an X509Certificate2 class actually take a PFX and load it up without trying to shove it into a system store of any kind. It would give an exception “keyset does not exist” because that makes total sense. Anyway, the fix is to supply the parameter X509KeyStorageFlags.EphemeralKeySet along with the byte array and super secret password when constructing the X509Certificate2 object.
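A sketch of that fix, added here as an example and not taken from the author's code: a PFX byte array is loaded with X509KeyStorageFlags.EphemeralKeySet and the private key is then used to sign. The self-signed certificate, subject name and password are constructed stand-ins for the PFX and password that would really come from AWS.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// Constructed sample input: a throwaway self-signed certificate exported as
// PFX bytes, standing in for the blob and password fetched from AWS.
const string password = "example-password"; // placeholder, not a real secret
byte[] pfxBytes;
using (RSA generated = RSA.Create(2048))
{
    var request = new CertificateRequest(
        "CN=example-signing",            // hypothetical subject name
        generated,
        HashAlgorithmName.SHA256,
        RSASignaturePadding.Pkcs1);

    using X509Certificate2 selfSigned = request.CreateSelfSigned(
        DateTimeOffset.UtcNow.AddMinutes(-5),
        DateTimeOffset.UtcNow.AddDays(1));

    pfxBytes = selfSigned.Export(X509ContentType.Pfx, password);
}

// The fix from the text: pass EphemeralKeySet together with the byte array
// and the password, so the private key is kept in memory for the lifetime of
// this object instead of being written to a user or machine key store.
using var signingCert = new X509Certificate2(
    pfxBytes, password, X509KeyStorageFlags.EphemeralKeySet);

// Fail early if the PFX carried no private key; a signing certificate
// without one is useless and the error is clearer here than at first use.
using RSA privateKey = signingCert.GetRSAPrivateKey()
    ?? throw new InvalidOperationException("PFX contains no RSA private key.");

// Prove the in-memory key works: sign a payload, verify with the public key.
byte[] payload = Encoding.UTF8.GetBytes("constructed token payload");
byte[] signature = privateKey.SignData(
    payload, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

using RSA publicKey = signingCert.GetRSAPublicKey()
    ?? throw new InvalidOperationException("Certificate has no RSA public key.");
bool valid = publicKey.VerifyData(
    payload, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

Console.WriteLine($"Thumbprint: {signingCert.Thumbprint}");
Console.WriteLine($"Signature verifies: {valid}");
```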
That’s it for today. Don’t forget to like and subscribe for more.