Skip to content

SECURE_AWS_SETUP.md

Latest commit

Β 

History

History
82 lines (65 loc) Β· 1.93 KB

SECURE_AWS_SETUP.md

File metadata and controls

82 lines (65 loc) Β· 1.93 KB

Secure AWS Credentials Setup

πŸ” Secure Method to Configure AWS CLI

Option 1: Environment Variables (Recommended)

Create a .env file with your credentials:

# Create .env file
echo 'AWS_ACCESS_KEY_ID=your_new_access_key_here' > .env.aws
echo 'AWS_SECRET_ACCESS_KEY=your_new_secret_key_here' >> .env.aws
echo 'AWS_DEFAULT_REGION=ap-southeast-2' >> .env.aws

Then load them:

# Load environment variables
Get-Content .env.aws | ForEach {
    $parts = $_.Split('=')
    [System.Environment]::SetEnvironmentVariable($parts[0], $parts[1], "User")
}

Option 2: Manual Config File Edit

Edit AWS config files directly:

Windows locations:

  • %USERPROFILE%\.aws\credentials
  • %USERPROFILE%\.aws\config

Credentials file content:

[default]
aws_access_key_id = YOUR_NEW_ACCESS_KEY
aws_secret_access_key = YOUR_NEW_SECRET_KEY

Config file content:

[default]
region = ap-southeast-2
output = json

Option 3: Use AWS CLI with input redirection

# Create temporary input file
@'
YOUR_NEW_ACCESS_KEY
YOUR_NEW_SECRET_KEY
ap-southeast-2
json
'@ | .\.venv\Scripts\python.exe -m awscli configure

🎯 Next Steps After Setup

  1. Test credentials:

    .\.venv\Scripts\python.exe -m awscli sts get-caller-identity

  2. Test App Runner access:

    .\.venv\Scripts\python.exe -m awscli apprunner list-services --region ap-southeast-2

  3. Continue with App Runner service creation

🚨 Security Best Practices

  1. Never paste credentials in chat/terminal logs
  2. Use temporary credentials when possible
  3. Rotate keys regularly
  4. Delete unused access keys immediately
  5. Use least privilege policies

πŸ”„ For GitHub Actions

Make sure to update GitHub Secrets with the new credentials:

  • Repository Settings β†’ Secrets and Variables β†’ Actions
  • Update AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY