Hello, we want to authenticate AWS CLI requests without needing to store access keys in PC's memory, for now we think of using static password ( and this password should be less or equal to 38 characters ) OR using ssh/pgp keys that we would store in yubikey , so we would not need to use "static" AWS access keys OR we can use the "session" keys, but we should be able to get them without the "static" access keys, is it possible to implement it in any-way? like using AWS SSO or whatever else?
So in short we want to implement access to the AWS CLI without storing access keys on PC, we want "to shorten" the secret access key to 38 characters OR we need to get rid of access keys and use something else like ssh/pgp keys OR "known" password OR to authenticate AWS cli requests.
Any help will be appreciated :)
AWS 官方已更新 2 年前
Okay, got it, thanks , but is it possible to use only "session" access keys? without providing those "static" access keys ( using only AWS CLI ) ?
And also, is there no option to shorten AWS generated secret access key?
Yes, by using a trusted external identity provider, you can only use temporary access keys by assuming a role, via the Idp. Version 2 of the CLI integrates with AWS SSO to facilitate this. You will still have to authenticate the the provider which may involve long term credentials. This is where you can use shortened credentials. The AWS access keys can't be shorted, that I know of. Here is the docs on using AWS CLI and AWS SSO: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html