Version 5 (V5) of the AWS Tools for PowerShell has been released\$1
For information about breaking changes and migrating your applications, see the [migration topic](https://docs.aws.amazon.com/powershell/v5/userguide/migrating-v5.html).
[https://docs.aws.amazon.com/powershell/v5/userguide/migrating-v5.html](https://docs.aws.amazon.com/powershell/v5/userguide/migrating-v5.html)
# Get started with the AWS Tools for PowerShell
The following topics show you how to successfully install AWS Tools for PowerShell cmdlets and set up authentication with AWS.
**Topics**
+ [Installed on CloudShell](pstools-getting-set-up-cloudshell.md)
+ [Installing on Windows](pstools-getting-set-up-windows.md)
+ [Installing on Linux or macOS](pstools-getting-set-up-linux-mac.md)
+ [Authenticating with AWS](creds-idc.md)
# Installed AWS Tools for PowerShell on AWS CloudShell
`AWS.Tools` is pre-installed on AWS CloudShell as described in [Pre-installed software](https://docs.aws.amazon.com/cloudshell/latest/userguide/vm-specs.html#pre-installed-software) in the [AWS CloudShell User Guide](https://docs.aws.amazon.com/cloudshell/latest/userguide/). Since console credentials are automatically passed to CloudShell, a user with permissions to open CloudShell can immediately run Tools for PowerShell cmdlets without additional installation or configuration.
To use the AWS Tools for PowerShell on CloudShell, perform steps similar to the following:
1. Open the [CloudShell Console](https://console.aws.amazon.com/cloudshell/home).
1. Run `pwsh`.
1. Run any `AWS.Tools` PowerShell commands you need such as `Get-S3Bucket`.
# Installing the AWS Tools for PowerShell on Windows
For information about the Tools for PowerShell that are pre-installed on AWS CloudShell, see [Installed on CloudShell](pstools-getting-set-up-cloudshell.md).
A Windows-based computer can run any of the AWS Tools for PowerShell package options:
+ [**`AWS.Tools`**](ps-installing-awstools.md) - The modularized version of AWS Tools for PowerShell. Each AWS service is supported by its own individual, small module, with shared support modules `AWS.Tools.Common` and `AWS.Tools.Installer`.
+ [**AWSPowerShell.NetCore**](ps-installing-awspowershellnetcore.md) - The single, large-module version of AWS Tools for PowerShell. All AWS services are supported by this single, large module.
**Note**
Be aware that the single module might be too large to use with [AWS Lambda](https://aws.amazon.com/lambda/) functions. Instead, use the modularized version shown above.
+ [**AWSPowerShell**](ps-installing-awswindowspowershell.md) - The legacy, Windows-specific, single, large-module version of AWS Tools for PowerShell. All AWS services are supported by this single, large module.
The package you choose depends on the release and edition of Windows that you are running.
**Note**
The AWS Tools for PowerShell are installed by default on all Windows-based Amazon Machine Images (AMIs). The option that is installed depends on the AMI. Many AMIs have the AWSPowerShell module, but some might have a different option. For example, Amazon EC2 AMIs for Windows Server 2025 use the modular `AWS.Tools` option.
Setting up the AWS Tools for PowerShell involves the following high-level tasks, described in detail in subsequent topics.
1. Install the AWS Tools for PowerShell package option that's appropriate for your environment.
1. Verify that script execution is enabled by running the `Get-ExecutionPolicy` cmdlet.
1. Import the AWS Tools for PowerShell module into your PowerShell session.
## Prerequisites
Newer versions of PowerShell, including PowerShell Core, are available as downloads from Microsoft at [Installing various versions of PowerShell](https://docs.microsoft.com/en-us/powershell/scripting/install/installing-powershell) on Microsoft's Web site.
**Topics**
+ [
## Prerequisites
](#prerequisites)
+ [Install `AWS.Tools` (recommended)](ps-installing-awstools.md)
+ [Install AWSPowerShell.NetCore](ps-installing-awspowershellnetcore.md)
+ [Install AWSPowerShell (legacy)](ps-installing-awswindowspowershell.md)
# Install `AWS.Tools` on Windows (recommended)
For general information about installing the AWS Tools for PowerShell on Windows, including prerequisites and other options, see the [parent topic](pstools-getting-set-up-windows.md).
For information about the Tools for PowerShell that are pre-installed on AWS CloudShell, see [Installed on CloudShell](pstools-getting-set-up-cloudshell.md).
You can install the modularized version of the AWS Tools for PowerShell on computers that are running Windows with Windows PowerShell 5.1, or PowerShell Core 6.0 or later. For information about how to install PowerShell Core, see [Installing various versions of PowerShell](https://docs.microsoft.com/en-us/powershell/scripting/install/installing-powershell) on Microsoft's Web site.
You can install `AWS.Tools` in one of three ways:
+ Using the cmdlets in the `AWS.Tools.Installer` module. This module simplifies the installation and update of other `AWS.Tools` modules. `AWS.Tools.Installer` requires `PowerShellGet`, and automatically downloads and installs an updated version of it. `AWS.Tools.Installer` automatically keeps your module versions in sync. When you install or update to a newer version of one module, the cmdlets in `AWS.Tools.Installer` automatically update all of your other `AWS.Tools` modules to the same version.
This method is described in the procedure that follows.
+ Downloading the modules from `[AWS.Tools.zip](https://sdk-for-net.amazonwebservices.com/ps/v5/latest/AWS.Tools.zip)` and extracting them in one of the module folders. You can discover your module folders by displaying the value of the `PSModulePath` environment variable.
**Warning**
After downloading the ZIP file and before extracting the contents, you might need to unblock it. This is typically done by opening the properties of the file, viewing the **General** tab, and selecting the **Unblock** checkbox if one exists.
If the ZIP file needs to be unblocked but you don't do so, you might receive errors similar to the following: "Import-Module : Could not load file or assembly".
+ Installing each service module from the PowerShell Gallery using the `Install-Module` cmdlet.
**To install `AWS.Tools` on Windows using the `AWS.Tools.Installer` module**
1. Start a PowerShell session.
**Note**
We recommend that you *don't* run PowerShell as an administrator with elevated permissions except when required by the task at hand. This is because of the potential security risk and is inconsistent with the principle of least privilege.
1. To install the modularized `AWS.Tools` package, run the following command.
```
PS > Install-Module -Name AWS.Tools.Installer
Untrusted repository
You are installing the modules from an untrusted repository. If you trust this repository, change its InstallationPolicy value by running the Set-PSRepository cmdlet. Are you sure
you want to install the modules from 'PSGallery'?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "N"): y
```
If you are notified that the repository is "untrusted", it asks you if you want to install anyway. Enter **y** to allow PowerShell to install the module. To avoid the prompt and install the module without trusting the repository, you can run the command with the `-Force` parameter.
```
PS > Install-Module -Name AWS.Tools.Installer -Force
```
1. You can now install the module for each AWS service that you want to use by using the `Install-AWSToolsModule` cmdlet. For example, the following command installs the Amazon EC2 and Amazon S3 modules. This command also installs any dependent modules that are required for the specified module to work. For example, when you install your first `AWS.Tools` service module, it also installs `AWS.Tools.Common`. This is a shared module required by all AWS service modules. It also removes older versions of the modules, and updates other modules to the same newer version.
```
PS > Install-AWSToolsModule AWS.Tools.EC2,AWS.Tools.S3 -CleanUp
Confirm
Are you sure you want to perform this action?
Performing the operation "Install-AWSToolsModule" on target "AWS Tools version 4.0.0.0".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"):
Installing module AWS.Tools.Common version 4.0.0.0
Installing module AWS.Tools.EC2 version 4.0.0.0
Installing module AWS.Tools.Glacier version 4.0.0.0
Installing module AWS.Tools.S3 version 4.0.0.0
Uninstalling AWS.Tools version 3.3.618.0
Uninstalling module AWS.Tools.Glacier
Uninstalling module AWS.Tools.S3
Uninstalling module AWS.Tools.SimpleNotificationService
Uninstalling module AWS.Tools.SQS
Uninstalling module AWS.Tools.Common
```
**Note**
The `Install-AWSToolsModule` cmdlet downloads all requested modules from the `PSRepository` named `PSGallery` ([https://www.powershellgallery.com/](https://www.powershellgallery.com/)) and considers it a trusted source. Use the command `Get-PSRepository -Name PSGallery` for more information about this `PSRepository`.
By default, the previous command installs modules into the `%USERPROFILE%\Documents\WindowsPowerShell\Modules` folder. To install the AWS Tools for PowerShell for all users of a computer, you must run the following command in a PowerShell session that you started as an administrator. For example, the following command installs the IAM module to the `%ProgramFiles%\WindowsPowerShell\Modules` folder that is accessible by all users.
```
PS > Install-AWSToolsModule AWS.Tools.IdentityManagement -Scope AllUsers
```
To install other modules, run similar commands with the appropriate module names, as found in the [PowerShell Gallery](https://www.powershellgallery.com/packages?q=aws).
## Enable Script Execution
To load the AWS Tools for PowerShell modules, you must enable PowerShell script execution. To enable script execution, run the `Set-ExecutionPolicy` cmdlet to set a policy of `RemoteSigned`. For more information, see [About Execution Policies](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies) on the Microsoft Technet website.
**Note**
This is a requirement only for computers that are running Windows. The `ExecutionPolicy` security restriction is not present on other operating systems.
**To enable script execution**
1. Administrator rights are required to set the execution policy. If you are not logged in as a user with administrator rights, open a PowerShell session as Administrator. Choose **Start**, and then choose **All Programs**. Choose **Accessories**, and then choose **Windows PowerShell**. Right-click **Windows PowerShell**, and on the context menu, choose **Run as administrator**.
1. At the command prompt, enter the following.
```
PS > Set-ExecutionPolicy RemoteSigned
```
**Note**
On a 64-bit system, you must do this separately for the 32-bit version of PowerShell, **Windows PowerShell (x86)**.
If you don't have the execution policy set correctly, PowerShell shows the following error whenever you try to run a script, such as your profile.
```
File C:\Users\username\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1 cannot be loaded because the execution
of scripts is disabled on this system. Please see "get-help about_signing" for more details.
At line:1 char:2
+ . <<<< 'C:\Users\username\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1'
+ CategoryInfo : NotSpecified: (:) [], PSSecurityException
+ FullyQualifiedErrorId : RuntimeException
```
The Tools for Windows PowerShell installer automatically updates the [PSModulePath](https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_psmodulepath) to include the location of the directory that contains the `AWSPowerShell` module.
Because the `PSModulePath` includes the location of the AWS module's directory, the `Get-Module -ListAvailable` cmdlet shows the module.
```
PS > Get-Module -ListAvailable
ModuleType Name ExportedCommands
---------- ---- ----------------
Manifest AppLocker {}
Manifest BitsTransfer {}
Manifest PSDiagnostics {}
Manifest TroubleshootingPack {}
Manifest AWSPowerShell {Update-EBApplicationVersion, Set-DPStatus, Remove-IAMGroupPol...
```
## Versioning
AWS releases new versions of the AWS Tools for PowerShell periodically to support new AWS services and features. To determine the version of the Tools that you have installed, run the [Get-AWSPowerShellVersion](https://docs.aws.amazon.com/powershell/v5/reference/items/Get-AWSPowerShellVersion.html) cmdlet.
For example:
```
PS > Get-AWSPowerShellVersion
AWS Tools for PowerShell
Version 5.0.3
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
Amazon Web Services SDK for .NET
Core Runtime Version 4.0.0.13
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
Release notes: https://github.com/aws/aws-tools-for-powershell/blob/main/changelogs/CHANGELOG.ALL.md
This software includes third party software subject to the following copyrights:
- Logging from log4net, Apache License
[http://logging.apache.org/log4net/license.html]
```
You can also add the `-ListServiceVersionInfo` parameter to a [Get-AWSPowerShellVersion](https://docs.aws.amazon.com/powershell/v5/reference/items/Get-AWSPowerShellVersion.html) command to see a list of the AWS services that are supported in the current version of the tools. If you use the modularized `AWS.Tools.*` option, only the modules that you currently have imported are displayed.
For example:
```
PS > Get-AWSPowerShellVersion -ListServiceVersionInfo
...
Service Noun Prefix Module Name SDK
Assembly
Version
------- ----------- ----------- -----------
AWS IAM Access Analyzer IAMAA AWS.Tools.AccessAnalyzer 3.7.400.33
AWS Account ACCT AWS.Tools.Account 3.7.400.33
AWS Certificate Manager Private... PCA AWS.Tools.ACMPCA 3.7.400.34
AWS Amplify AMP AWS.Tools.Amplify 3.7.401.28
Amplify Backend AMPB AWS.Tools.AmplifyBackend 3.7.400.33
...
```
To determine the version of PowerShell that you are running, enter `$PSVersionTable` to view the contents of the \$1PSVersionTable [automatic variable](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_automatic_variables?view=powershell-6).
For example:
```
PS > $PSVersionTable
Name Value
---- -----
PSVersion 6.2.2
PSEdition Core
GitCommitId 6.2.2
OS Darwin 18.7.0 Darwin Kernel Version 18.7.0: Tue Aug 20 16:57:14 PDT 2019; root:xnu-4903.271.2~2/RELEASE_X86_64
Platform Unix
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0
```
## Updating the AWS Tools for PowerShell on Windows
Periodically, as updated versions of the AWS Tools for PowerShell are released, you should update the version that you are running locally.
### Update the modularized `AWS.Tools` modules
To update your `AWS.Tools` modules to the latest version, run the following command:
```
PS > Update-AWSToolsModule -CleanUp
```
This command updates all of the currently installed `AWS.Tools` modules and, after a successful update, removes the earlier versions.
**Note**
The `Update-AWSToolsModule` cmdlet downloads all modules from the `PSRepository` named `PSGallery` ([https://www.powershellgallery.com/](https://www.powershellgallery.com/)) and considers it a trusted source. Use the `Get-PSRepository -Name PSGallery` command for more information about this `PSRepository`.
# Install AWSPowerShell.NetCore on Windows
For general information about installing the AWS Tools for PowerShell on Windows, including prerequisites and other options, see the [parent topic](pstools-getting-set-up-windows.md).
For information about the Tools for PowerShell that are pre-installed on AWS CloudShell, see [Installed on CloudShell](pstools-getting-set-up-cloudshell.md).
**Note**
AWSPowerShell.NetCore is not the recommended method for installing the AWS Tools for PowerShell. For the recommended method, see [Install `AWS.Tools` (recommended)](ps-installing-awstools.md) instead.
You can install the AWSPowerShell.NetCore on computers that are running Windows with PowerShell version 3 through 5.1, or PowerShell Core 6.0 or later. For information about how to install PowerShell Core, see [Installing various versions of PowerShell](https://docs.microsoft.com/en-us/powershell/scripting/install/installing-powershell) on the Microsoft PowerShell website.
You can install AWSPowerShell.NetCore in one of two ways
+ Downloading the module from [AWSPowerShell.NetCore.zip](https://sdk-for-net.amazonwebservices.com/ps/v5/latest/AWSPowerShell.NetCore.zip) and extracting it in one of the module directories. You can discover your module directories by displaying the value of the `PSModulePath` environment variable.
**Warning**
After downloading the ZIP file and before extracting the contents, you might need to unblock it. This is typically done by opening the properties of the file, viewing the **General** tab, and selecting the **Unblock** checkbox if one exists.
If the ZIP file needs to be unblocked but you don't do so, you might receive errors similar to the following: "Import-Module : Could not load file or assembly".
+ Installing from the PowerShell Gallery using the `Install-Module` cmdlet, as described in the following procedure.
**To install AWSPowerShell.NetCore from the PowerShell Gallery using the Install-Module cmdlet**
To install the AWSPowerShell.NetCore from the PowerShell Gallery, your computer must be running PowerShell 5.0 or later, or running [PowerShellGet](https://www.powershellgallery.com/packages/PowerShellGet) on PowerShell 3 or later. Run the following command.
```
PS > Install-Module -name AWSPowerShell.NetCore
```
If you are running PowerShell as administrator, the previous command installs AWS Tools for PowerShell for all users on the computer. If you are running PowerShell as a standard user without administrator permissions, that same command installs AWS Tools for PowerShell for only the current user.
To install for only the current user when that user has administrator permissions, run the command with the `-Scope CurrentUser` parameter set, as follows.
```
PS > Install-Module -name AWSPowerShell.NetCore -Scope CurrentUser
```
Although PowerShell 3.0 and later releases typically load modules into your PowerShell session the first time you run a cmdlet in the module, the AWSPowerShell.NetCore module is too large to support this functionality. You must instead explicitly load the AWSPowerShell.NetCore Core module into your PowerShell session by running the following command.
```
PS > Import-Module AWSPowerShell.NetCore
```
To load the AWSPowerShell.NetCore module into a PowerShell session automatically, add that command to your PowerShell profile. For more information about editing your PowerShell profile, see [About Profiles](https://docs.microsoft.com/powershell/module/microsoft.powershell.core/about/about_profiles) in the PowerShell documentation.
## Enable Script Execution
To load the AWS Tools for PowerShell modules, you must enable PowerShell script execution. To enable script execution, run the `Set-ExecutionPolicy` cmdlet to set a policy of `RemoteSigned`. For more information, see [About Execution Policies](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies) on the Microsoft Technet website.
**Note**
This is a requirement only for computers that are running Windows. The `ExecutionPolicy` security restriction is not present on other operating systems.
**To enable script execution**
1. Administrator rights are required to set the execution policy. If you are not logged in as a user with administrator rights, open a PowerShell session as Administrator. Choose **Start**, and then choose **All Programs**. Choose **Accessories**, and then choose **Windows PowerShell**. Right-click **Windows PowerShell**, and on the context menu, choose **Run as administrator**.
1. At the command prompt, enter the following.
```
PS > Set-ExecutionPolicy RemoteSigned
```
**Note**
On a 64-bit system, you must do this separately for the 32-bit version of PowerShell, **Windows PowerShell (x86)**.
If you don't have the execution policy set correctly, PowerShell shows the following error whenever you try to run a script, such as your profile.
```
File C:\Users\username\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1 cannot be loaded because the execution
of scripts is disabled on this system. Please see "get-help about_signing" for more details.
At line:1 char:2
+ . <<<< 'C:\Users\username\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1'
+ CategoryInfo : NotSpecified: (:) [], PSSecurityException
+ FullyQualifiedErrorId : RuntimeException
```
The Tools for Windows PowerShell installer automatically updates the [PSModulePath](https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_psmodulepath) to include the location of the directory that contains the `AWSPowerShell` module.
Because the `PSModulePath` includes the location of the AWS module's directory, the `Get-Module -ListAvailable` cmdlet shows the module.
```
PS > Get-Module -ListAvailable
ModuleType Name ExportedCommands
---------- ---- ----------------
Manifest AppLocker {}
Manifest BitsTransfer {}
Manifest PSDiagnostics {}
Manifest TroubleshootingPack {}
Manifest AWSPowerShell {Update-EBApplicationVersion, Set-DPStatus, Remove-IAMGroupPol...
```
## Versioning
AWS releases new versions of the AWS Tools for PowerShell periodically to support new AWS services and features. To determine the version of the Tools that you have installed, run the [Get-AWSPowerShellVersion](https://docs.aws.amazon.com/powershell/v5/reference/items/Get-AWSPowerShellVersion.html) cmdlet.
For example:
```
PS > Get-AWSPowerShellVersion
AWS Tools for PowerShell
Version 5.0.3
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
Amazon Web Services SDK for .NET
Core Runtime Version 4.0.0.13
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
Release notes: https://github.com/aws/aws-tools-for-powershell/blob/main/changelogs/CHANGELOG.ALL.md
This software includes third party software subject to the following copyrights:
- Logging from log4net, Apache License
[http://logging.apache.org/log4net/license.html]
```
You can also add the `-ListServiceVersionInfo` parameter to a [Get-AWSPowerShellVersion](https://docs.aws.amazon.com/powershell/v5/reference/items/Get-AWSPowerShellVersion.html) command to see a list of the AWS services that are supported in the current version of the tools. If you use the modularized `AWS.Tools.*` option, only the modules that you currently have imported are displayed.
For example:
```
PS > Get-AWSPowerShellVersion -ListServiceVersionInfo
...
Service Noun Prefix Module Name SDK
Assembly
Version
------- ----------- ----------- -----------
AWS IAM Access Analyzer IAMAA AWS.Tools.AccessAnalyzer 3.7.400.33
AWS Account ACCT AWS.Tools.Account 3.7.400.33
AWS Certificate Manager Private... PCA AWS.Tools.ACMPCA 3.7.400.34
AWS Amplify AMP AWS.Tools.Amplify 3.7.401.28
Amplify Backend AMPB AWS.Tools.AmplifyBackend 3.7.400.33
...
```
To determine the version of PowerShell that you are running, enter `$PSVersionTable` to view the contents of the \$1PSVersionTable [automatic variable](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_automatic_variables?view=powershell-6).
For example:
```
PS > $PSVersionTable
Name Value
---- -----
PSVersion 6.2.2
PSEdition Core
GitCommitId 6.2.2
OS Darwin 18.7.0 Darwin Kernel Version 18.7.0: Tue Aug 20 16:57:14 PDT 2019; root:xnu-4903.271.2~2/RELEASE_X86_64
Platform Unix
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0
```
## Updating the AWS Tools for PowerShell on Windows
Periodically, as updated versions of the AWS Tools for PowerShell are released, you should update the version that you are running locally.
### Update the Tools for PowerShell Core
Run the `Get-AWSPowerShellVersion` cmdlet to determine the version that you are running, and compare that with the version of Tools for Windows PowerShell that is available on the [PowerShell Gallery](https://www.powershellgallery.com/packages/AWSPowerShell) website. We suggest you check every two to three weeks. Support for new commands and AWS services is available only after you update to a version with that support.
Before you install a newer release of AWSPowerShell.NetCore, uninstall the existing module. Close any open PowerShell sessions before you uninstall the existing package. Run the following command to uninstall the package.
```
PS > Uninstall-Module -Name AWSPowerShell.NetCore -AllVersions
```
After the package is uninstalled, install the updated module by running the following command.
```
PS > Install-Module -Name AWSPowerShell.NetCore
```
After installation, run the command `Import-Module AWSPowerShell.NetCore` to load the updated cmdlets into your PowerShell session.
# Install AWSPowerShell on Windows PowerShell (legacy)
For general information about installing the AWS Tools for PowerShell on Windows, including prerequisites and other options, see the [parent topic](pstools-getting-set-up-windows.md).
For information about the Tools for PowerShell that are pre-installed on AWS CloudShell, see [Installed on CloudShell](pstools-getting-set-up-cloudshell.md).
**Note**
AWSPowerShell is not the recommended method for installing the AWS Tools for PowerShell. For the recommended method, see [Install `AWS.Tools` (recommended)](ps-installing-awstools.md) instead.
You can install the AWS Tools for Windows PowerShell in one of two ways:
+ Downloading the module from [AWSPowerShell.zip](https://sdk-for-net.amazonwebservices.com/ps/v5/latest/AWSPowerShell.zip) and extracting it in one of the module directories. You can discover your module directories by displaying the value of the `PSModulePath` environment variable.
**Warning**
After downloading the ZIP file and before extracting the contents, you might need to unblock it. This is typically done by opening the properties of the file, viewing the **General** tab, and selecting the **Unblock** checkbox if one exists.
If the ZIP file needs to be unblocked but you don't do so, you might receive errors similar to the following: "Import-Module : Could not load file or assembly".
+ Installing from the PowerShell Gallery using the `Install-Module` cmdlet as described in the following procedure.
**To install AWSPowerShell from the PowerShell Gallery using the Install-Module cmdlet**
You can install the AWSPowerShell from the PowerShell Gallery if you are running PowerShell 5.0 or later, or have installed [PowerShellGet](https://www.powershellgallery.com/packages/PowerShellGet) on PowerShell 3 or later. You can install and update AWSPowerShell from Microsoft's [PowerShell Gallery](https://www.powershellgallery.com/packages/AWSPowerShell) by running the following command.
```
PS > Install-Module -Name AWSPowerShell
```
To load the AWSPowerShell module into a PowerShell session automatically, add the previous `import-module` cmdlet to your PowerShell profile. For more information about editing your PowerShell profile, see [About Profiles](https://docs.microsoft.com/powershell/module/microsoft.powershell.core/about/about_profiles?view=powershell-6) in the PowerShell documentation.
## Enable Script Execution
To load the AWS Tools for PowerShell modules, you must enable PowerShell script execution. To enable script execution, run the `Set-ExecutionPolicy` cmdlet to set a policy of `RemoteSigned`. For more information, see [About Execution Policies](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies) on the Microsoft Technet website.
**Note**
This is a requirement only for computers that are running Windows. The `ExecutionPolicy` security restriction is not present on other operating systems.
**To enable script execution**
1. Administrator rights are required to set the execution policy. If you are not logged in as a user with administrator rights, open a PowerShell session as Administrator. Choose **Start**, and then choose **All Programs**. Choose **Accessories**, and then choose **Windows PowerShell**. Right-click **Windows PowerShell**, and on the context menu, choose **Run as administrator**.
1. At the command prompt, enter the following.
```
PS > Set-ExecutionPolicy RemoteSigned
```
**Note**
On a 64-bit system, you must do this separately for the 32-bit version of PowerShell, **Windows PowerShell (x86)**.
If you don't have the execution policy set correctly, PowerShell shows the following error whenever you try to run a script, such as your profile.
```
File C:\Users\username\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1 cannot be loaded because the execution
of scripts is disabled on this system. Please see "get-help about_signing" for more details.
At line:1 char:2
+ . <<<< 'C:\Users\username\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1'
+ CategoryInfo : NotSpecified: (:) [], PSSecurityException
+ FullyQualifiedErrorId : RuntimeException
```
The Tools for Windows PowerShell installer automatically updates the [PSModulePath](https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_psmodulepath) to include the location of the directory that contains the `AWSPowerShell` module.
Because the `PSModulePath` includes the location of the AWS module's directory, the `Get-Module -ListAvailable` cmdlet shows the module.
```
PS > Get-Module -ListAvailable
ModuleType Name ExportedCommands
---------- ---- ----------------
Manifest AppLocker {}
Manifest BitsTransfer {}
Manifest PSDiagnostics {}
Manifest TroubleshootingPack {}
Manifest AWSPowerShell {Update-EBApplicationVersion, Set-DPStatus, Remove-IAMGroupPol...
```
## Versioning
AWS releases new versions of the AWS Tools for PowerShell periodically to support new AWS services and features. To determine the version of the Tools that you have installed, run the [Get-AWSPowerShellVersion](https://docs.aws.amazon.com/powershell/v5/reference/items/Get-AWSPowerShellVersion.html) cmdlet.
For example:
```
PS > Get-AWSPowerShellVersion
AWS Tools for PowerShell
Version 5.0.3
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
Amazon Web Services SDK for .NET
Core Runtime Version 4.0.0.13
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
Release notes: https://github.com/aws/aws-tools-for-powershell/blob/main/changelogs/CHANGELOG.ALL.md
This software includes third party software subject to the following copyrights:
- Logging from log4net, Apache License
[http://logging.apache.org/log4net/license.html]
```
You can also add the `-ListServiceVersionInfo` parameter to a [Get-AWSPowerShellVersion](https://docs.aws.amazon.com/powershell/v5/reference/items/Get-AWSPowerShellVersion.html) command to see a list of the AWS services that are supported in the current version of the tools. If you use the modularized `AWS.Tools.*` option, only the modules that you currently have imported are displayed.
For example:
```
PS > Get-AWSPowerShellVersion -ListServiceVersionInfo
...
Service Noun Prefix Module Name SDK
Assembly
Version
------- ----------- ----------- -----------
AWS IAM Access Analyzer IAMAA AWS.Tools.AccessAnalyzer 3.7.400.33
AWS Account ACCT AWS.Tools.Account 3.7.400.33
AWS Certificate Manager Private... PCA AWS.Tools.ACMPCA 3.7.400.34
AWS Amplify AMP AWS.Tools.Amplify 3.7.401.28
Amplify Backend AMPB AWS.Tools.AmplifyBackend 3.7.400.33
...
```
To determine the version of PowerShell that you are running, enter `$PSVersionTable` to view the contents of the \$1PSVersionTable [automatic variable](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_automatic_variables?view=powershell-6).
For example:
```
PS > $PSVersionTable
Name Value
---- -----
PSVersion 6.2.2
PSEdition Core
GitCommitId 6.2.2
OS Darwin 18.7.0 Darwin Kernel Version 18.7.0: Tue Aug 20 16:57:14 PDT 2019; root:xnu-4903.271.2~2/RELEASE_X86_64
Platform Unix
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0
```
## Updating the AWS Tools for PowerShell on Windows
Periodically, as updated versions of the AWS Tools for PowerShell are released, you should update the version that you are running locally.
### Update the Tools for Windows PowerShell
Run the `Get-AWSPowerShellVersion` cmdlet to determine the version that you are running, and compare that with the version of Tools for Windows PowerShell that is available on the [PowerShell Gallery](https://www.powershellgallery.com/packages/AWSPowerShell) website. We suggest you check every two to three weeks. Support for new commands and AWS services is available only after you update to a version with that support.
+ If you installed by using the `Install-Module` cmdlet, run the following commands.
```
PS > Uninstall-Module -Name AWSPowerShell -AllVersions
PS > Install-Module -Name AWSPowerShell
```
+ If you installed by using a downloaded ZIP file:
1. Download the most recent version from the [Tools for PowerShell](https://aws.amazon.com/powershell/) web site. Compare the package version number in the downloaded file name with the version number you get when you run the `Get-AWSPowerShellVersion` cmdlet.
1. If the download version is a higher number than the version you have installed, close all Tools for Windows PowerShell consoles.
1. Install the newer version of the Tools for Windows PowerShell.
After installation, run `Import-Module AWSPowerShell` to load the updated cmdlets into your PowerShell session. Or run the custom AWS Tools for PowerShell console from your **Start** menu.
# Installing AWS Tools for PowerShell on Linux or macOS
For information about the Tools for PowerShell that are pre-installed on AWS CloudShell, see [Installed on CloudShell](pstools-getting-set-up-cloudshell.md).
To install AWS Tools for PowerShell on a Linux or macOS computer, you can choose from two package options:
+ [**`AWS.Tools`**](install-aws.tools-on-linux-macos.md) – The modularized version of AWS Tools for PowerShell. Each AWS service is supported by its own individual, small module, with shared support modules `AWS.Tools.Common`.
+ [**AWSPowerShell.NetCore**](install-netcore-on-linux-macos.md) – The single, large-module version of AWS Tools for PowerShell. All AWS services are supported by this single, large module.
**Note**
Be aware that the single module might be too large to use with [AWS Lambda](https://aws.amazon.com/lambda/) functions. Instead, use the modularized version shown above.
Setting either of these up on a computer running Linux or macOS involves the following tasks, described in detail in subsequent topics:
1. Install PowerShell Core 6.0 or later on a supported system.
1. After installing PowerShell Core, start PowerShell by running `pwsh` in your system shell.
1. Install either `AWS.Tools` or AWSPowerShell.NetCore.
1. Run the appropriate `Import-Module` cmdlet to import the module into your PowerShell session.
1. Run the [Initialize-AWSDefaultConfiguration](https://docs.aws.amazon.com/powershell/v5/reference/items/Initialize-AWSDefaultConfiguration.html) cmdlet to provide your AWS credentials.
## Prerequisites
To run the AWS Tools for PowerShell Core, your computer must be running PowerShell Core 6.0 or later.
+ For a list of supported Linux platform releases and for information about how to install the latest version of PowerShell on a Linux-based computer, see [Installing PowerShell on Linux](https://docs.microsoft.com/en-us/powershell/scripting/install/installing-powershell-core-on-linux) on Microsoft's website. Some Linux-based operating systems, such as Arch, Kali, and Raspbian, are not officially supported, but have varying levels of community support.
+ For information about supported macOS versions and about how to install the latest version of PowerShell on macOS, see [Installing PowerShell on macOS](https://docs.microsoft.com/en-us/powershell/scripting/install/installing-powershell-core-on-macos) on Microsoft's website.
**Topics**
+ [
## Prerequisites
](#prerequisites)
+ [Install `AWS.Tools` (recommended)](install-aws.tools-on-linux-macos.md)
+ [Install AWSPowerShell.NetCore](install-netcore-on-linux-macos.md)
# Install `AWS.Tools` on Linux or macOS (recommended)
For general information about installing the AWS Tools for PowerShell on Linux or macOS, including prerequisites and other options, see the [parent topic](pstools-getting-set-up-linux-mac.md).
For information about the Tools for PowerShell that are pre-installed on AWS CloudShell, see [Installed on CloudShell](pstools-getting-set-up-cloudshell.md).
You can install the modularized version of AWS Tools for PowerShell on computers that are running PowerShell Core 6.0 or later. For information about how to install PowerShell Core, see [Installing various versions of PowerShell](https://docs.microsoft.com/en-us/powershell/scripting/install/installing-powershell) on the Microsoft PowerShell website.
You can install `AWS.Tools` in one of three ways:
+ Using the cmdlets in the `AWS.Tools.Installer` module. This module simplifies the installation and update of other `AWS.Tools` modules. `AWS.Tools.Installer` requires `PowerShellGet`, and automatically downloads and installs an updated version of it. `AWS.Tools.Installer` automatically keeps your module versions in sync. When you install or update to a newer version of one module, the cmdlets in `AWS.Tools.Installer` automatically update all of your other `AWS.Tools` modules to the same version.
This method is described in the procedure that follows.
+ Downloading the modules from `[AWS.Tools.zip](https://sdk-for-net.amazonwebservices.com/ps/v5/latest/AWS.Tools.zip)` and extracting them in one of the module directories. You can discover your module directories by printing the value of the `$Env:PSModulePath` variable.
+ Installing each service module from the PowerShell Gallery using the `Install-Module` cmdlet.
**To install `AWS.Tools` on Linux or macOS using the `AWS.Tools.Installer` module**
1. Start a PowerShell Core session by running the following command.
```
$ pwsh
```
**Note**
We recommend that you *don't* run PowerShell as an administrator with elevated permissions except when required by the task at hand. This is because of the potential security risk and is inconsistent with the principle of least privilege.
1. To install the modularized `AWS.Tools` package using the `AWS.Tools.Installer` module, run the following command.
```
PS > Install-Module -Name AWS.Tools.Installer
Untrusted repository
You are installing the modules from an untrusted repository. If you trust this repository, change its InstallationPolicy value by running the Set-PSRepository cmdlet. Are you sure
you want to install the modules from 'PSGallery'?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "N"): y
```
If you are notified that the repository is "untrusted", you are asked if you want to install anyway. Enter **y** to allow PowerShell to install the module. To avoid the prompt and install the module without trusting the repository, you can run the following command.
```
PS > Install-Module -Name AWS.Tools.Installer -Force
```
1. You can now install the module for each service that you want to use. For example, the following command installs the Amazon EC2 and Amazon S3 modules. This command also installs any dependent modules that are required for the specified module to work. For example, when you install your first `AWS.Tools` service module, it also installs `AWS.Tools.Common`. This is a shared module required by all AWS service modules. It also removes older versions of the modules, and updates other modules to the same newer version.
```
PS > Install-AWSToolsModule AWS.Tools.EC2,AWS.Tools.S3 -CleanUp
Confirm
Are you sure you want to perform this action?
Performing the operation "Install-AWSToolsModule" on target "AWS Tools version 4.0.0.0".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"):
Installing module AWS.Tools.Common version 4.0.0.0
Installing module AWS.Tools.EC2 version 4.0.0.0
Installing module AWS.Tools.Glacier version 4.0.0.0
Installing module AWS.Tools.S3 version 4.0.0.0
Uninstalling AWS.Tools version 3.3.618.0
Uninstalling module AWS.Tools.Glacier
Uninstalling module AWS.Tools.S3
Uninstalling module AWS.Tools.SimpleNotificationService
Uninstalling module AWS.Tools.SQS
Uninstalling module AWS.Tools.Common
```
**Note**
The `Install-AWSToolsModule` cmdlet downloads all requested modules from the `PSRepository` named `PSGallery` ([https://www.powershellgallery.com/](https://www.powershellgallery.com/)) and considers the repository as a trusted source. Use the command `Get-PSRepository -Name PSGallery` for more information about this `PSRepository`.
The previous command installs modules into the default directories on your system. The actual directories depend on your operating system distribution and version and on the version of PowerShell you installed. For example, if you installed PowerShell 7 on a RHEL-like system, the default modules are most likely located in `/opt/microsoft/powershell/7/Modules` (or `$PSHOME/Modules`) and user modules are most likely located in `~/.local/share/powershell/Modules`. For more information, see [Install PowerShell on Linux](https://learn.microsoft.com/en-us/powershell/scripting/install/installing-powershell-on-linux) on the Microsoft PowerShell website. To see where modules are installed, run the following command:
```
PS > Get-Module -ListAvailable
```
To install other modules, run similar commands with the appropriate module names, as found in the [PowerShell Gallery](https://www.powershellgallery.com/packages?q=aws).
## Script Execution
The `Set-ExecutionPolicy` command isn't available on non-Windows systems. You can run `Get-ExecutionPolicy`, which shows that the default execution policy setting in PowerShell Core running on non-Windows systems is `Unrestricted`. For more information, see [About Execution Policies](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-5.1) on the Microsoft Technet website.
Because the `PSModulePath` includes the location of the AWS module's directory, the `Get-Module -ListAvailable` cmdlet shows the module that you installed.
**`AWS.Tools`**
```
PS > Get-Module -ListAvailable
Directory: /Users/username/.local/share/powershell/Modules
ModuleType Version Name PSEdition ExportedCommands
---------- ------- ---- --------- ----------------
Binary 3.3.563.1 AWS.Tools.Common Desk {Clear-AWSHistory, Set-AWSHistoryConfiguration, Initialize-AWSDefaultConfiguration, Clear-AWSDefaultConfigurat…
```
## Initialize Your PowerShell Session
When you start PowerShell on a Linux-based or macOS-based system after you have installed the AWS Tools for PowerShell, you must run [Initialize-AWSDefaultConfiguration](https://docs.aws.amazon.com/powershell/v5/reference/items/Initialize-AWSDefaultConfiguration.html) to specify which AWS access key to use. For more information about `Initialize-AWSDefaultConfiguration`, see [Using AWS Credentials](specifying-your-aws-credentials.md).
**Note**
In earlier (before 3.3.96.0) releases of the AWS Tools for PowerShell, this cmdlet was named `Initialize-AWSDefaults`.
## Versioning
AWS releases new versions of the AWS Tools for PowerShell periodically to support new AWS services and features. To determine the version of the AWS Tools for PowerShell that you have installed, run the [Get-AWSPowerShellVersion](https://docs.aws.amazon.com/powershell/v5/reference/items/Get-AWSPowerShellVersion.html) cmdlet.
For example:
```
PS > Get-AWSPowerShellVersion
AWS Tools for PowerShell
Version 5.0.3
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
Amazon Web Services SDK for .NET
Core Runtime Version 4.0.0.13
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
Release notes: https://github.com/aws/aws-tools-for-powershell/blob/main/changelogs/CHANGELOG.ALL.md
This software includes third party software subject to the following copyrights:
- Logging from log4net, Apache License
[http://logging.apache.org/log4net/license.html]
```
To see a list of the supported AWS services in the current version of the tools, add the `-ListServiceVersionInfo` parameter to a [Get-AWSPowerShellVersion](https://docs.aws.amazon.com/powershell/v5/reference/items/Get-AWSPowerShellVersion.html) cmdlet.
To determine the version of PowerShell that you are running, enter `$PSVersionTable` to view the contents of the `$PSVersionTable` [automatic variable](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_automatic_variables?view=powershell-6).
For example:
```
PS > $PSVersionTable
Name Value
---- -----
PSVersion 6.2.2
PSEdition Core
GitCommitId 6.2.2
OS Darwin 18.7.0 Darwin Kernel Version 18.7.0: Tue Aug 20 16:57:14 PDT 2019; root:xnu-4903.271.2~2/RELEASE_X86_64
Platform Unix
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0
```
## Updating the AWS Tools for PowerShell on Linux or macOS
Periodically, as updated versions of the AWS Tools for PowerShell are released, you should update the version that you are running locally.
### Update the modularized `AWS.Tools` modules
To update your `AWS.Tools` modules to the latest version, run the following command:
```
PS > Update-AWSToolsModule -CleanUp
```
This command updates all of the currently installed `AWS.Tools` modules and, after a successful update, removes the earlier versions.
**Note**
The `Update-AWSToolsModule` cmdlet downloads all modules from the `PSRepository` named `PSGallery` ([https://www.powershellgallery.com/](https://www.powershellgallery.com/)) and considers it a trusted source. Use the `Get-PSRepository -Name PSGallery` command for more information about this `PSRepository`.
## Related Information
+ [Configuring and using the AWS Tools for PowerShell](pstools-getting-started.md)
+ [Calling AWS services in the AWS Tools for PowerShell](pstools-using.md)
# Install AWSPowerShell.NetCore on Linux or macOS
For general information about installing the AWS Tools for PowerShell on Linux or macOS, including prerequisites and other options, see the [parent topic](pstools-getting-set-up-linux-mac.md).
For information about the Tools for PowerShell that are pre-installed on AWS CloudShell, see [Installed on CloudShell](pstools-getting-set-up-cloudshell.md).
**Note**
AWSPowerShell.NetCore is not the recommended method for installing the AWS Tools for PowerShell. For the recommended method, see [Install `AWS.Tools` (recommended)](install-aws.tools-on-linux-macos.md) instead.
To upgrade to a newer release of AWSPowerShell.NetCore, follow the instructions in [Updating the AWS Tools for PowerShell on Linux or macOS](#pstools-updating-linux-netcore). Uninstall earlier versions of AWSPowerShell.NetCore first.
You can install AWSPowerShell.NetCore in one of two ways:
+ Downloading the module from `[AWSPowerShell.NetCore.zip](https://sdk-for-net.amazonwebservices.com/ps/v5/latest/AWSPowerShell.NetCore.zip)` and extracting it in one of the module directories. You can discover your module directories by printing the value of the `$Env:PSModulePath` variable.
+ Installing from the PowerShell Gallery using the `Install-Module` cmdlet as described in the following procedure.
**To install AWSPowerShell.NetCore on Linux or macOS using the Install-Module cmdlet**
Start a PowerShell Core session by running the following command.
```
$ pwsh
```
**Note**
We recommend that you *don't* start PowerShell by running `sudo pwsh` to run PowerShell with elevated, administrator rights. This is because of the potential security risk and is inconsistent with the principle of least privilege.
To install the AWSPowerShell.NetCore single-module package from the PowerShell Gallery, run the following command.
```
PS > Install-Module -Name AWSPowerShell.NetCore
Untrusted repository
You are installing the modules from an untrusted repository. If you trust this repository, change its InstallationPolicy value by running the Set-PSRepository cmdlet. Are you sure
you want to install the modules from 'PSGallery'?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "N"): y
```
If you are notified that the repository is "untrusted", you are asked if you want to install anyway. Enter **y** to allow PowerShell to install the module. To avoid the prompt without trusting the repository, you can run the following command.
```
PS > Install-Module -Name AWSPowerShell.NetCore -Force
```
You don't have to run this command as root, unless you want to install the AWS Tools for PowerShell for all users of a computer. To do this, run the following command in a PowerShell session that you have started with `sudo pwsh`.
```
PS > Install-Module -Scope AllUsers -Name AWSPowerShell.NetCore -Force
```
## Script Execution
The `Set-ExecutionPolicy` command isn't available on non-Windows systems. You can run `Get-ExecutionPolicy`, which shows that the default execution policy setting in PowerShell Core running on non-Windows systems is `Unrestricted`. For more information, see [About Execution Policies](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_execution_policies?view=powershell-5.1) on the Microsoft Technet website.
Because the `PSModulePath` includes the location of the AWS module's directory, the `Get-Module -ListAvailable` cmdlet shows the module that you installed.
**AWSPowerShell.NetCore**
```
PS > Get-Module -ListAvailable
Directory: /Users/username/.local/share/powershell/Modules
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Binary 3.3.563.1 AWSPowerShell.NetCore
```
## Configure a PowerShell Console to Use the AWS Tools for PowerShell Core (AWSPowerShell.NetCore Only)
PowerShell Core typically loads modules automatically whenever you run a cmdlet in the module. But this doesn't work for AWSPowerShell.NetCore because of its large size. To start running AWSPowerShell.NetCore cmdlets, you must first run the `Import-Module AWSPowerShell.NetCore` command. This isn't required for cmdlets in `AWS.Tools` modules.
## Initialize Your PowerShell Session
When you start PowerShell on a Linux-based or macOS-based system after you have installed the AWS Tools for PowerShell, you must run [Initialize-AWSDefaultConfiguration](https://docs.aws.amazon.com/powershell/v5/reference/items/Initialize-AWSDefaultConfiguration.html) to specify which AWS access key to use. For more information about `Initialize-AWSDefaultConfiguration`, see [Using AWS Credentials](specifying-your-aws-credentials.md).
**Note**
In earlier (before 3.3.96.0) releases of the AWS Tools for PowerShell, this cmdlet was named `Initialize-AWSDefaults`.
## Versioning
AWS releases new versions of the AWS Tools for PowerShell periodically to support new AWS services and features. To determine the version of the AWS Tools for PowerShell that you have installed, run the [Get-AWSPowerShellVersion](https://docs.aws.amazon.com/powershell/v5/reference/items/Get-AWSPowerShellVersion.html) cmdlet.
For example:
```
PS > Get-AWSPowerShellVersion
AWS Tools for PowerShell
Version 5.0.3
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
Amazon Web Services SDK for .NET
Core Runtime Version 4.0.0.13
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
Release notes: https://github.com/aws/aws-tools-for-powershell/blob/main/changelogs/CHANGELOG.ALL.md
This software includes third party software subject to the following copyrights:
- Logging from log4net, Apache License
[http://logging.apache.org/log4net/license.html]
```
To see a list of the supported AWS services in the current version of the tools, add the `-ListServiceVersionInfo` parameter to a [Get-AWSPowerShellVersion](https://docs.aws.amazon.com/powershell/v5/reference/items/Get-AWSPowerShellVersion.html) cmdlet.
To determine the version of PowerShell that you are running, enter `$PSVersionTable` to view the contents of the `$PSVersionTable` [automatic variable](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_automatic_variables?view=powershell-6).
For example:
```
PS > $PSVersionTable
Name Value
---- -----
PSVersion 6.2.2
PSEdition Core
GitCommitId 6.2.2
OS Darwin 18.7.0 Darwin Kernel Version 18.7.0: Tue Aug 20 16:57:14 PDT 2019; root:xnu-4903.271.2~2/RELEASE_X86_64
Platform Unix
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0
```
## Updating the AWS Tools for PowerShell on Linux or macOS
Periodically, as updated versions of the AWS Tools for PowerShell are released, you should update the version that you are running locally.
### Update the Tools for PowerShell Core
Run the `Get-AWSPowerShellVersion` cmdlet to determine the version that you are running, and compare that with the version of Tools for Windows PowerShell that is available on the [PowerShell Gallery](https://www.powershellgallery.com/packages/AWSPowerShell) website. We suggest you check every two to three weeks. Support for new commands and AWS services is available only after you update to a version with that support.
Before you install a newer release of AWSPowerShell.NetCore, uninstall the existing module. Close any open PowerShell sessions before you uninstall the existing package. Run the following command to uninstall the package.
```
PS > Uninstall-Module -Name AWSPowerShell.NetCore -AllVersions
```
After the package is uninstalled, install the updated module by running the following command.
```
PS > Install-Module -Name AWSPowerShell.NetCore
```
After installation, run the command `Import-Module AWSPowerShell.NetCore` to load the updated cmdlets into your PowerShell session.
## Related Information
+ [Configuring and using the AWS Tools for PowerShell](pstools-getting-started.md)
+ [Calling AWS services in the AWS Tools for PowerShell](pstools-using.md)
# Authenticating the AWS Tools for PowerShell with AWS
You must establish how your code authenticates with AWS when developing with AWS services. There are different ways in which you can configure programmatic access to AWS resources, depending on the environment and the AWS access available to you.
To see various methods of authentication for the Tools for PowerShell, see [Authentication and access](https://docs.aws.amazon.com/sdkref/latest/guide/access.html) in the *AWS SDKs and Tools Reference Guide*.
This topic assumes that a new user is developing locally, has not been given a method of authentication by their employer, and will be using AWS IAM Identity Center to obtain temporary credentials. If your environment doesn't fall under these assumptions, some of the information in this topic might not apply to you, or some of the information might have already been given to you.
Configuring this environment requires several steps, which are summarized as follows:
1. [Login using console credentials](#login-con-creds)
1. [Enable and configure IAM Identity Center](#idc-config-sso)
1. [Configure the Tools for PowerShell to use IAM Identity Center.](#idc-config-sdk)
1. [Start an AWS access portal session](#idc-start-portal)
## Login using console credentials
You can use your existing AWS Management Console sign-in credentials for programmatic access to AWS services. After a browser-based authentication flow, AWS Tools for PowerShell generates temporary credentials that work across local development tools like the AWS SDKs, AWS Tools for PowerShell and AWS CLI. This feature simplifies the process of configuring and managing CLI credentials, especially if you prefer interactive authentication over managing long-term access keys.
With this process, you can authenticate using root credentials created during initial account set up, an IAM user, or a federated identity from your identity provider, and Tools for PowerShell automatically manages the temporary credentials for you. This approach enhances security by eliminating the need to store long-term credentials locally.
When you run the `Invoke-AWSLogin` cmdlet, you can select from your active console sessions, or sign in through the browser-based authentication flow and this will automatically generate temporary credentials. AWS Tools for PowerShell will automatically refresh these credentials for up to 12 hours.
Once configured, your session can be used in AWS Tools for PowerShell and all other AWS SDKs and Tools.
### Prerequisites
+ Access to sign into the AWS Management Console as a root user, IAM user, or through federation with IAM. If you use IAM Identity Center, go to [Configure the Tools for PowerShell to use IAM Identity Center.](#idc-config-sdk) instead.
+ Ensure the IAM identity has the appropriate permissions. Attach the [SignInLocalDevelopmentAccess](https://docs.aws.amazon.com/signin/latest/userguide/security-iam-awsmanpol.html#security-iam-awsmanpol-SignInLocalDevelopmentAccess) managed policy to your IAM user, role, or group. If you sign in as a root user, no additional permissions are required.
### Log in to AWS with the Invoke-AWSLogin Cmdlet
Run the `Invoke-AWSLogin` cmdlet to authenticate using your existing AWS Management Console credentials. If you have not previously configured a profile, you will be prompted for additional information.
To sign in or configure a profile follow the below steps.
1. Make sure you have imported the correct module you have installed from the installation guide.
**Note**
We have three different modules for PowerShell - `AWS.Tools`, `AWSPowerShell.NetCore` and `AWSPowerShell`. See [What are the AWS Tools for PowerShell?](pstools-welcome.md) for more information.
+ In your PowerShell terminal, run the cmdlet. This will use the `default` profile.
```
PS > Invoke-AWSLogin
```
+ To sign in to a named profile or create a new one, use the `-ProfileName` parameter.
```
PS > Invoke-AWSLogin -ProfileName 'my-dev-profile'
```
+ If this is a new profile or no AWS Region has been specified or configured in any of your previous profiles/environment variables, the cmdlet prompts you to provide a region.
```
Press Ctrl+C to cancel the following login prompts.
Specify AWS Region
No AWS region has been configured. The AWS region is the geographic location of your AWS resources.
If you've used AWS before and already have resources in your account, tell us which region they were created in. If you
haven't created resources in your account before, you can pick the region closest to you:
https://docs.aws.amazon.com/global-infrastructure/latest/regions/aws-regions.html
AWS Region:
```
1. The AWS Tools for PowerShell attempts to open your default browser for the sign in process of your AWS account.
```
Using region 'us-west-2'
Attempting to open the login page for 'us-west-2' in your default browser.
If the browser does not open, use the following URL to complete your login:
https://signin.us-west-2.amazonaws.com/authorize?
If you cannot connect to this URL, make sure that you have specified a valid region.
```
+ If the device using AWS Tools for PowerShell does not have a browser, you can use the `-Remote` parameter to provide a URL for you to open on a browser-enabled device.
```
PS > Invoke-AWSLogin -Remote
```
+ If you used the `-Remote` parameter, instructions to manually start the sign in process are displayed based on the type of authorization you are using. The URL displayed is a unique URL starting with: https://signin.us-east-1.amazonaws.com/authorize. Once you complete the browser log in, you will need to copy and paste the resulting authorization code back in the terminal.
```
Press Ctrl+C to cancel the following login prompts.
Using region 'us-west-2' determined by profile/environment defaults. To override, specify '-Region' parameter.
Please complete the login workflow via the following URL:
https://us-west-2.signin.aws.amazon.com/v1/authorize?
Please enter the authorization code displayed in the browser:
```
1. In the browser, select your credentials to use from the displayed list and then return to your terminal.
+ If the profile you are configuring has a previously configured login session that does not match your new session, the AWS Tools for PowerShell prompts you to confirm that you are switching the session that corresponds to the existing profile.
```
WARNING: Previously profile default was configured for arn:aws:iam::0123456789012:user/ReadOnly,
and is now being updated to arn:aws:iam::0123456789012:user/Admin.
Do you wish to change the identity that default is associated with? (y/n)
```
1. A final message describes the completed profile configuration.
```
Login completed successfully for profile 'my-dev-profile'.
```
The authentication token is cached to disk under the .aws/login/cache directory with a hash filename based on the resolved profile.
#### Generated configuration file
These steps result in creating the default or specified profile in the config file that looks like the following:
```
[default]
login_session = arn:aws:iam::0123456789012:user/username
region = us-east-1
[my-dev-profile]
login_session = arn:aws:iam::0123456789012:user/username
region = us-east-1
```
#### Run a command with your profile
Once signed in, you can use your credentials to invoke Tools for PowerShell cmdlets with the associated profile. The following example calls the `Get-STSCallerIdentity` cmdlet using the default profile:
```
PS > Get-STSCallerIdentity
```
To check for a specific session, use the `-ProfileName` parameter.
```
PS > Get-STSCallerIdentity -ProfileName 'my-dev-profile'
```
The temporary credential token will expire in 15 minutes, but the AWS Tools for PowerShell and SDKs automatically refresh the token when needed during your requests. The overall session will be valid for up to 12 hours, after which you must run the `Invoke-AWSLogin` cmdlet again.
#### Signing out of your session using the `Invoke-AWSLogout` cmdlet
When you are done with your session, you can let your credentials expire, or run the `Invoke-AWSLogout` cmdlet to delete your cached credentials. If no profile is specified in the CLI or in the AWS\$1PROFILE environment variable, the command signs you out of your default profile. The following example signs you out of your default profile.
```
PS > Invoke-AWSLogout
```
To sign out of a specific profile session, use the `-ProfileName` parameter.
```
PS > Invoke-AWSLogout -ProfileName 'my-dev-profile'
```
To sign out of all the profile sessions you've logged in, use the `-All` parameter.
```
PS > Invoke-AWSLogout -All
```
#### Cached Credentials
The temporary cached credentials, as well as the metadata required to refresh them are stored by default in `%USERPROFILE%\.aws\login\cache` on Windows or `~/.aws/login/cache` on Linux and MacOS.
You can override this location by setting the `AWS_LOGIN_CACHE_DIRECTORY` environment variable.
## Enable and configure IAM Identity Center
To use AWS IAM Identity Center, it must first be enabled and configured. To see details about how to do this for PowerShell, look at **Step 1** in the topic for [IAM Identity Center authentication](https://docs.aws.amazon.com/sdkref/latest/guide/access-sso.html) in the *AWS SDKs and Tools Reference Guide*. Specifically, follow any necessary instructions under **I do not have established access through IAM Identity Center**.
## Configure the Tools for PowerShell to use IAM Identity Center.
**Note**
Starting with version 4.1.538 of the Tools for PowerShell, the recommended method to configure SSO credentials and start an AWS access portal session is to use the [https://docs.aws.amazon.com/powershell/v5/reference/index.html?page=Initialize-AWSSSOConfiguration.html&tocid=Initialize-AWSSSOConfiguration](https://docs.aws.amazon.com/powershell/v5/reference/index.html?page=Initialize-AWSSSOConfiguration.html&tocid=Initialize-AWSSSOConfiguration) and [https://docs.aws.amazon.com/powershell/v5/reference/index.html?page=Invoke-AWSSSOLogin.html&tocid=Invoke-AWSSSOLogin](https://docs.aws.amazon.com/powershell/v5/reference/index.html?page=Invoke-AWSSSOLogin.html&tocid=Invoke-AWSSSOLogin) cmdlets, as described in this topic. If you don't have access to that version of the Tools for PowerShell (or later) or can't use those cmdlets, you can still perform these tasks by using the AWS CLI. To find out how, see [Use the AWS CLI for portal login](creds-idc-cli.md).
The following procedure updates the shared AWS `config` file with SSO information that the Tools for PowerShell uses to obtain temporary credentials. As a consequence of this procedure, an AWS access portal session is also started. If the shared `config` file already has SSO information and you just want to know how to start an access portal session using the Tools for PowerShell, see the next section in this topic, [Start an AWS access portal session](#idc-start-portal).
1. If you haven't already done so, open PowerShell and install the AWS Tools for PowerShell as appropriate for your operating system and environment, including the common cmdlets. For information about how to do this, see [Get started with the AWS Tools for PowerShell](pstools-getting-set-up.md).
For example, if installing the modularized version of the Tools for PowerShell on Windows, you would most likely run commands similar to the following:
```
Install-Module -Name AWS.Tools.Installer
Install-AWSToolsModule AWS.Tools.Common
```
1. Run the following command. Replace the example property values with values from your IAM Identity Center configuration. For information about these properties and how to find them, see [IAM Identity Center credential provider settings](https://docs.aws.amazon.com/sdkref/latest/guide/feature-sso-credentials.html#feature-sso-credentials-profile) in the *AWS SDKs and Tools Reference Guide*.
```
$params = @{
ProfileName = 'my-sso-profile'
AccountId = '111122223333'
RoleName = 'SamplePermissionSet'
SessionName = 'my-sso-session'
StartUrl = 'https://provided-domain.awsapps.com/start'
SSORegion = 'us-west-2'
RegistrationScopes = 'sso:account:access'
};
Initialize-AWSSSOConfiguration @params
```
Alternatively, you can simply use the cmdlet by itself, `Initialize-AWSSSOConfiguration`, and the Tools for PowerShell prompts you for the property values.
Considerations for certain property values:
+ If you simply followed the instructions to [enable and configure IAM Identity Center](#idc-config-sso), the value for `-RoleName` might be `PowerUserAccess`. But if you created an IAM Identity Center permission set specifically for PowerShell work, use that instead.
+ Be sure to use the AWS Region where you have configured IAM Identity Center.
1. At this point, the shared AWS `config` file contains a profile called `my-sso-profile` with a set of configuration values that can be referenced from the Tools for PowerShell. To find the location of this file, see [Location of the shared files](https://docs.aws.amazon.com/sdkref/latest/guide/file-location.html) in the *AWS SDKs and Tools Reference Guide*.
The Tools for PowerShell uses the profile's SSO token provider to acquire credentials before sending requests to AWS. The `sso_role_name` value, which is an IAM role connected to an IAM Identity Center permission set, should allow access to the AWS services used in your application.
The following sample shows the profile that was created by using the command shown above. Some of the property values and their order might be different in your actual profile. The profile's `sso-session` property refers to the section named `my-sso-session`, which contains settings to initiate an AWS access portal session.
```
[profile my-sso-profile]
sso_account_id=111122223333
sso_role_name=SamplePermissionSet
sso_session=my-sso-session
[sso-session my-sso-session]
sso_region=us-west-2
sso_registration_scopes=sso:account:access
sso_start_url=https://provided-domain.awsapps.com/start/
```
1. If you already have an active AWS access portal session, the Tools for PowerShell informs you that you are already logged in.
If that's not the case, the Tools for PowerShell attempts to automatically open the SSO authorization page in your default web browser. Follow the prompts in your browser, which might include an SSO authorization code, username and password, and permission to access AWS IAM Identity Center accounts and permission sets.
The Tools for PowerShell informs you that SSO login was successful.
## Start an AWS access portal session
Before running commands that accesses AWS services, you need an active AWS access portal session so that the Tools for PowerShell can use IAM Identity Center authentication to resolve credentials. To sign in to the AWS access portal, run the following command in PowerShell, where `-ProfileName my-sso-profile` is the name of the profile that was created in the shared `config` file when you followed the procedure in the previous section of this topic.
```
Invoke-AWSSSOLogin -ProfileName my-sso-profile
```
If you already have an active AWS access portal session, the Tools for PowerShell informs you that you are already logged in.
If that's not the case, the Tools for PowerShell attempts to automatically open the SSO authorization page in your default web browser. Follow the prompts in your browser, which might include an SSO authorization code, username and password, and permission to access AWS IAM Identity Center accounts and permission sets.
The Tools for PowerShell informs you that SSO login was successful.
To test if you already have an active session, run the following command after installing or importing the `AWS.Tools.SecurityToken` module as needed.
```
Get-STSCallerIdentity -ProfileName my-sso-profile
```
The response to the `Get-STSCallerIdentity` cmdlet reports the IAM Identity Center account and permission set configured in the shared `config` file.
## Example
The following is an example of how to use IAM Identity Center with the Tools for PowerShell. It assumes the following:
+ You have enabled IAM Identity Center and configured it as described previously in this topic. The SSO properties are in the `my-sso-profile` profile, which was configured earlier in this topic.
+ When you log in through the `Initialize-AWSSSOConfiguration` or `Invoke-AWSSSOLogin` cmdlets, the user has at least read-only permissions for Amazon S3.
+ Some S3 buckets are available for that user to view.
Install or import the `AWS.Tools.S3` module as needed and then use the following PowerShell command to display a list of the S3 buckets.
```
Get-S3Bucket -ProfileName my-sso-profile
```
## Additional information
+ For more options on authentication for the Tools for PowerShell, such as the use of profiles and environment variables, see the [configuration](https://docs.aws.amazon.com/sdkref/latest/guide/creds-config-files.html) chapter in the *AWS SDKs and Tools Reference Guide*.
+ Some commands require an AWS Region to be specified. There are a number of ways to do so, including the `-Region` cmdlet option, the `[default]` profile, and the `AWS_REGION` environment variable. For more information, see [Specify the AWS Region for the AWS Tools for PowerShell](pstools-installing-specifying-region.md) in this guide and [AWS Region](https://docs.aws.amazon.com/sdkref/latest/guide/feature-region.html) in the *AWS SDKs and Tools Reference Guide*.
+ To learn more about best practices, see [Security best practices in IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html) in the *IAM User Guide*.
+ To create short-term AWS credentials, see [Temporary Security Credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html) in the *IAM User Guide*.
+ To learn about other credential providers, see [Standardized credential providers](https://docs.aws.amazon.com/sdkref/latest/guide/standardized-credentials.html) in the *AWS SDKs and Tools Reference Guide*.
**Topics**
+ [
## Login using console credentials
](#login-con-creds)
+ [
## Enable and configure IAM Identity Center
](#idc-config-sso)
+ [
## Configure the Tools for PowerShell to use IAM Identity Center.
](#idc-config-sdk)
+ [
## Start an AWS access portal session
](#idc-start-portal)
+ [
## Example
](#idc-short-example)
+ [
## Additional information
](#idc-additional-info)
+ [Use the AWS CLI](creds-idc-cli.md)
# Use the AWS CLI for portal login
Starting with version 4.1.538 of the Tools for PowerShell, the recommended method to configure SSO credentials and start an AWS access portal session is to use the [https://docs.aws.amazon.com/powershell/v5/reference/index.html?page=Initialize-AWSSSOConfiguration.html&tocid=Initialize-AWSSSOConfiguration](https://docs.aws.amazon.com/powershell/v5/reference/index.html?page=Initialize-AWSSSOConfiguration.html&tocid=Initialize-AWSSSOConfiguration) and [https://docs.aws.amazon.com/powershell/v5/reference/index.html?page=Invoke-AWSSSOLogin.html&tocid=Invoke-AWSSSOLogin](https://docs.aws.amazon.com/powershell/v5/reference/index.html?page=Invoke-AWSSSOLogin.html&tocid=Invoke-AWSSSOLogin) cmdlets, as described in [Authenticating the AWS Tools for PowerShell with AWS](creds-idc.md). If you don't have access to that version of the Tools for PowerShell (or later) or can't use those cmdlets, you can still perform these tasks by using the AWS CLI.
## Configure the Tools for PowerShell to use IAM Identity Center through the AWS CLI.
If you haven't already done so, be sure to [Enable and configure IAM Identity Center](creds-idc.md#idc-config-sso) before you proceed.
Information about how to configure the Tools for PowerShell to use IAM Identity Center through the AWS CLI is in **Step 2** in the topic for [IAM Identity Center authentication](https://docs.aws.amazon.com/sdkref/latest/guide/access-sso.html) in the *AWS SDKs and Tools Reference Guide*. After you complete this configuration, your system should contain the following elements:
+ The AWS CLI, which you use to start an AWS access portal session before you run your application.
+ The shared AWS `config` file that contains a [`[default]` profile](https://docs.aws.amazon.com/sdkref/latest/guide/file-format.html#file-format-profile) with a set of configuration values that can be referenced from the Tools for PowerShell. To find the location of this file, see [Location of the shared files](https://docs.aws.amazon.com/sdkref/latest/guide/file-location.html) in the *AWS SDKs and Tools Reference Guide*. The Tools for PowerShell uses the profile's SSO token provider to acquire credentials before sending requests to AWS. The `sso_role_name` value, which is an IAM role connected to an IAM Identity Center permission set, should allow access to the AWS services used in your application.
The following sample `config` file shows a `[default]` profile set up with an SSO token provider. The profile's `sso_session` setting refers to the named `sso-session` section. The `sso-session` section contains settings to initiate an AWS access portal session.
```
[default]
sso_session = my-sso
sso_account_id = 111122223333
sso_role_name = SampleRole
region = us-east-1
output = json
[sso-session my-sso]
sso_region = us-east-1
sso_start_url = https://provided-domain.awsapps.com/start
sso_registration_scopes = sso:account:access
```
**Important**
Your PowerShell session must have the following modules installed and imported so that SSO resolution can work:
`AWS.Tools.SSO`
`AWS.Tools.SSOOIDC`
If you're using an older version of the Tools for PowerShell and you don't have these modules, you will get an error similar to the following: "Assembly AWSSDK.SSOOIDC could not be found...".
## Start an AWS access portal session
Before running commands that accesses AWS services, you need an active AWS access portal session so that the Tools for Windows PowerShell can use IAM Identity Center authentication to resolve credentials. Depending on your configured session lengths, your access will eventually expire and the Tools for Windows PowerShell will encounter an authentication error. To sign in to the AWS access portal, run the following command in the AWS CLI.
```
aws sso login
```
Since you are using the `[default]` profile, you do not need to call the command with the `--profile` option. If your SSO token provider configuration is using a named profile, the command is `aws sso login --profile named-profile` instead. For more information about named profiles, see the [Profiles](https://docs.aws.amazon.com/sdkref/latest/guide/file-format.html#file-format-profile) section in the *AWS SDKs and Tools Reference Guide*.
To test if you already have an active session, run the following AWS CLI command (with the same consideration for named profile):
```
aws sts get-caller-identity
```
The response to this command should report the IAM Identity Center account and permission set configured in the shared `config` file.
**Note**
If you already have an active AWS access portal session and run `aws sso login`, you will not be required to provide credentials.
The sign-in process might prompt you to allow the AWS CLI access to your data. Because the AWS CLI is built on top of the SDK for Python, permission messages may contain variations of the `botocore` name.
## Example
The following is an example of how to use IAM Identity Center with the Tools for PowerShell. It assumes the following:
+ You have enabled IAM Identity Center and configured it as described previously in this topic. The SSO properties are in the `[default]` profile.
+ When you log in through the AWS CLI by using `aws sso login`, that user has at least read-only permissions for Amazon S3.
+ Some S3 buckets are available for that user to view.
Use the following PowerShell commands to display a list of the S3 buckets:
```
Install-Module AWS.Tools.Installer
Install-AWSToolsModule S3
# And if using an older version of the AWS Tools for PowerShell:
Install-AWSToolsModule SSO, SSOOIDC
# In older versions of the AWS Tools for PowerShell, we're not invoking a cmdlet from these modules directly,
# so we must import them explicitly:
Import-Module AWS.Tools.SSO
Import-Module AWS.Tools.SSOOIDC
# Older versions of the AWS Tools for PowerShell don't support the SSO login flow, so login with the CLI
aws sso login
# Now we can invoke cmdlets using the SSO profile
Get-S3Bucket
```
As mentioned above, since you are using the `[default]` profile, you do not need to call the `Get-S3Bucket` cmdlet with the `-ProfileName` option. If your SSO token provider configuration is using a named profile, the command is `Get-S3Bucket -ProfileName named-profile`. For more information about named profiles, see the [Profiles](https://docs.aws.amazon.com/sdkref/latest/guide/file-format.html#file-format-profile) section in the *AWS SDKs and Tools Reference Guide*.
## Additional information
+ For more options on authentication for the Tools for PowerShell, such as the use of profiles and environment variables, see the [configuration](https://docs.aws.amazon.com/sdkref/latest/guide/creds-config-files.html) chapter in the *AWS SDKs and Tools Reference Guide*.
+ Some commands require an AWS Region to be specified. There are a number of ways to do so, including the `-Region` cmdlet option, the `[default]` profile, and the `AWS_REGION` environment variable. For more information, see [Specify the AWS Region for the AWS Tools for PowerShell](pstools-installing-specifying-region.md) in this guide and [AWS Region](https://docs.aws.amazon.com/sdkref/latest/guide/feature-region.html) in the *AWS SDKs and Tools Reference Guide*.
+ To learn more about best practices, see [Security best practices in IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html) in the *IAM User Guide*.
+ To create short-term AWS credentials, see [Temporary Security Credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html) in the *IAM User Guide*.
+ To learn about other credential providers, see [Standardized credential providers](https://docs.aws.amazon.com/sdkref/latest/guide/standardized-credentials.html) in the *AWS SDKs and Tools Reference Guide*.