Password/SSH based authentiaction for AWS CLI // authentication for AWS CLI without needing access keys
Hello, we want to authenticate AWS CLI requests without needing to store access keys in PC's memory, for now we think of using static password ( and this password should be less or equal to 38 characters ) OR using ssh/pgp keys that we would store in yubikey , so we would not need to use "static" AWS access keys OR we can use the "session" keys, but we should be able to get them without the "static" access keys, is it possible to implement it in any-way? like using AWS SSO or whatever else?
So in short we want to implement access to the AWS CLI without storing access keys on PC, we want "to shorten" the secret access key to 38 characters OR we need to get rid of access keys and use something else like ssh/pgp keys OR "known" password OR to authenticate AWS cli requests.
Any help will be appreciated :)
You will always need access keys to sign the calls to the AWS APIs. Maybe this is what you are looking for: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sourcing-external.html
And also, is there no option to shorten AWS generated secret access key?
Yes, by using a trusted external identity provider, you can only use temporary access keys by assuming a role, via the Idp. Version 2 of the CLI integrates with AWS SSO to facilitate this. You will still have to authenticate the the provider which may involve long term credentials. This is where you can use shortened credentials. The AWS access keys can't be shorted, that I know of. Here is the docs on using AWS CLI and AWS SSO: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html
Relevant questions
AWS CLI STS logout
Accepted Answerasked 5 months agoPassword/SSH based authentiaction for AWS CLI // authentication for AWS CLI without needing access keys
Accepted Answerasked 6 months ago[MOVED] How to use openpgp card to store secret access key?
asked 6 months agoIs it possible to get temporary access keys without using "static" access keys?
Accepted Answerasked 6 months agoELI5: AWS CLI and SSO
asked 7 months agoHow to login into the AWS SSO using AWS CLI without needing browser?
Accepted Answerasked 6 months agoWhen to use AWS CLI versus AWS SAM CLI for Lambda function deployment
asked 3 years agoAWS Amplify CLI - Remove all permissions from Function
Accepted Answerasked 3 months agoAWS CLI get rid of credentials file
Accepted Answerasked 5 months agoUsing AWS CLI in automation without MFA token
Accepted Answerasked 4 months ago
Okay, got it, thanks , but is it possible to use only "session" access keys? without providing those "static" access keys ( using only AWS CLI ) ?