1 Answer
- Newest
- Most votes
- Most comments
2
You will always need access keys to sign the calls to the AWS APIs. Maybe this is what you are looking for: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sourcing-external.html
Relevant content
- Accepted Answerasked 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
Okay, got it, thanks , but is it possible to use only "session" access keys? without providing those "static" access keys ( using only AWS CLI ) ?
And also, is there no option to shorten AWS generated secret access key?
Yes, by using a trusted external identity provider, you can only use temporary access keys by assuming a role, via the Idp. Version 2 of the CLI integrates with AWS SSO to facilitate this. You will still have to authenticate the the provider which may involve long term credentials. This is where you can use shortened credentials. The AWS access keys can't be shorted, that I know of. Here is the docs on using AWS CLI and AWS SSO: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html