Using legacy credentials
The topics in this section provide information about using long-term or short-term credentials without using AWS IAM Identity Center.
Warning
To avoid security risks, don't use IAM users for authentication when developing purpose-built software or working with real data. Instead, use federation with an identity provider such as AWS IAM Identity Center.
Note
The information in these topics is for circumstances where you need to obtain and manage short-term or long-term credentials manually. For additional information about short-term and long-term credentials, see Other ways to authenticate in the AWS SDKs and Tools Reference Guide.
For best security practices, use AWS IAM Identity Center, as described in Configure tool authentication.
Important warnings and guidance for credentials
Warnings for credentials
- Do NOT use your account's root credentials to access AWS resources. These credentials provide unrestricted account access and are difficult to revoke.
- Do NOT put literal access keys or credential information in your commands or scripts. If you do, you create a risk of accidentally exposing your credentials.
- Be aware that any credentials stored in the shared AWS credentials file are stored in plaintext.
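The last two warnings can be checked mechanically. The following Python is an added example, not part of the AWS documentation: it flags literal access key IDs in script text and audits a shared credentials file for loose permissions and long-term keys. The sample file contents, the sample script line, and all function names are constructed for illustration.

```python
import configparser
import os
import pathlib
import re
import stat
import tempfile

# Access key IDs are 20 characters: AKIA marks a long-term IAM user key,
# ASIA a temporary key issued by AWS STS.
KEY_ID = re.compile(r"\b(AKIA|ASIA)[A-Z0-9]{16}\b")

# Constructed sample data using documentation-style example keys, not real credentials.
SAMPLE_CREDENTIALS = """\
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

[temp]
aws_access_key_id = ASIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
aws_session_token = EXAMPLETOKEN
"""
SAMPLE_SCRIPT = "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"

def find_literal_key_ids(text):
    """Return (line_number, key_id) for each access key ID embedded in text."""
    return [(n, m.group(0)) for n, line in enumerate(text.splitlines(), 1)
            for m in KEY_ID.finditer(line)]

def audit_shared_credentials(path):
    """Report loose file permissions and the kind of key each profile stores."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if os.name == "posix" and mode & 0o077:  # any group/other permission bit
        findings.append(("<file>", f"mode {mode:03o} exposes plaintext keys to other users"))
    parser = configparser.ConfigParser(interpolation=None)  # secrets may contain '%'
    parser.read(path)
    for profile in parser.sections():
        section = parser[profile]
        if "aws_access_key_id" in section:
            kind = "short-term" if section.get("aws_session_token") else "long-term"
            findings.append((profile, f"{kind} credentials stored in plaintext"))
    return findings

def demo(mode=0o644):
    # Write the constructed sample to a temporary file and audit it.
    with tempfile.TemporaryDirectory() as tmp:
        path = pathlib.Path(tmp, "credentials")
        path.write_text(SAMPLE_CREDENTIALS)
        path.chmod(mode)
        return audit_shared_credentials(path)
```

A profile reported as long-term is the case the warnings above are about; a mode of 600 on the file clears the permissions finding but the keys remain plaintext on disk.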
Additional guidance for securely managing credentials
For a general discussion of how to securely manage AWS credentials, see AWS security credentials in the AWS General Reference and Security best practices and use cases in the IAM User Guide. In addition to those discussions, consider the following:
- Create additional users, such as users in IAM Identity Center, and use their credentials instead of using your AWS root user credentials. Credentials for other users can be revoked if necessary or are temporary by nature. In addition, you can apply a policy to each user for access to only certain resources and actions and thereby take a stance of least-privilege permissions.
- Use IAM roles for Amazon Elastic Container Service (Amazon ECS) tasks.
- Use IAM roles for applications that are running on Amazon EC2 instances.