I created a user "data_eng1" with policies to use AWS Glue. Now, without console access and with access keys disabled, this user has no way to interact with AWS at all?
I need to enable either console or access keys (AWS CLI)? At minimum, it needs to have at least 1 of these? The attached policy gives permission, but there is no way I can log in or AWS CLI into AWS without 1 of these 2?
I'm trying to log in to AWS. To do this I need at least 1 out of 2: access keys generated (so I can use the CLI), or console enabled, right?
2 Answers
You cannot interact with AWS without either enabling console access or using IAM roles.
A good practice would be to let users federate into the AWS environment and not use long-term access keys for day-to-day tasks. Federated identities have short-lived credentials with a configurable expiration time.

Yes, you do need to have some kind of credentials to use either the CLI or the console (either the user's long-term credentials or short-term session credentials).
The attached policy gives you authorization to do stuff, but AWS needs to perform authentication first (bind your API requests from the console or CLI to a user or a role). That's what the tokens do.
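The following is an added example, not part of either answer: it reads an IAM credential report (the CSV returned by `aws iam get-credential-report`) and flags users like "data_eng1" that have policies but no way to authenticate, as well as users still holding long-term access keys. The sample rows are constructed, every user name other than data_eng1 is hypothetical, and the report is reduced to the columns the check needs. The credential report lists IAM users only, so roles reached through federation do not appear in it.

```python
import csv
import io

# Constructed sample in the layout of an IAM credential report
# (`aws iam get-credential-report`), reduced to the columns used below.
SAMPLE_REPORT = """\
user,password_enabled,access_key_1_active,access_key_2_active
data_eng1,false,false,false
console_user,true,false,false
ci_deployer,false,true,false
legacy_admin,true,true,true
"""


def audit(report_csv):
    """Map each IAM user to the ways it can authenticate, plus findings."""
    results = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        console = row["password_enabled"] == "true"
        active_keys = sum(
            row[f"access_key_{n}_active"] == "true" for n in (1, 2)
        )
        findings = []
        if not console and active_keys == 0:
            # Policies may be attached, but this user can neither sign in
            # nor sign an API request, so they are never evaluated.
            findings.append("no credentials: attached policies are unusable")
        if active_keys:
            findings.append(f"{active_keys} long-term access key(s) active")
        results[row["user"]] = {
            "console": console,
            "active_keys": active_keys,
            "can_authenticate": console or active_keys > 0,
            "findings": findings,
        }
    return results


if __name__ == "__main__":
    for user, info in audit(SAMPLE_REPORT).items():
        print(user, info["can_authenticate"], "; ".join(info["findings"]) or "-")
```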