skip to Main Content

I created a user "data_eng1" with policies to use AWS glue. now, without console access and access keys disabled – this user has no way to interact with AWS at all?

I need to enable either console or access keys(AWS cli) ? at minimum, it needs to have at least 1 of these? attached policy gives permission, but there is no way I can login or AWS cli into AWS without 1 of these 2?

I’m trying to login to AWS — to do this I need at least 1 out of 2: access keys generated (so I can use cli), or console enabled, right?

2

Answers


  1. You cannot interact with AWS without either enabling console access or use IAM roles.
    A good practice would be to let users federate into AWS environment and not using long-term access keys for day to day tasks. Federated identities have short-lived credentials with configurable expiration time

    Login or Signup to reply.
  2. Yes, you do need to have some kind of credentials to use either cli or the console (either long-term user’s credentials or short-term session credentials).

    Attached policy gives you authorization to do stuff, but AWS needs to perform authentication first (bind your API requests from the console or cli to a user or a role). That’s what the tokens do

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search