Simplify S3 Deployment with AWS SAM (Serverless Application Model) and AWS Vault


If you have access to multiple AWS accounts, managing credentials and switching between them can be cumbersome. A utility called aws-vault simplifies this process by securely storing your AWS credentials in your OS keychain instead of leaving them in plain text on your filesystem. This tool, although not officially from AWS, enhances security and streamlines credential management.

Using AWS Vault with AWS SAM

AWS SAM (Serverless Application Model) is an Infrastructure as Code (IaC) tool that works seamlessly with AWS Vault. Below is an example of how to use both tools together for deploying an S3 bucket:

1. Install AWS Vault

brew install aws-vault

2. Add AWS Credentials

aws-vault add my-profile

3. Deploy S3 Bucket Using AWS SAM

Create a `template.yaml` file for your SAM application:

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Resources:
  MyS3Bucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: my-unique-bucket-name

4. Deploy with AWS Vault

Run `sam deploy` through AWS Vault so that the command receives temporary credentials for the profile and deploys the SAM template:

aws-vault exec my-profile -- sam deploy --template-file template.yaml --stack-name my-stack --capabilities CAPABILITY_IAM
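
Once a profile's keys are stored in aws-vault, the old plaintext entries in `~/.aws/credentials` should be deleted. The script below is an added example, not part of the original post: it lists the profiles in a shared credentials file that still carry plaintext keys. The function names and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): list profiles in an AWS shared
# credentials file that still hold access keys in plaintext.

# Constructed sample input; every key value is a placeholder.
sample_credentials() {
  cat <<'EOF'
[default]
region = eu-west-1
[my-profile]
aws_access_key_id = AKIAXXXXXXXXXXXXXXXX
aws_secret_access_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
; session credentials pasted into the file
[ci]
aws_access_key_id=ASIAXXXXXXXXXXXXXXXX
aws_secret_access_key=xxxxxxxx
aws_session_token=xxxxxxxx
EOF
}

# find_plaintext_profiles FILE: prints "<profile> <kind>" per offending profile,
# kind = long-lived (AKIA prefix), temporary (ASIA prefix) or unknown.
# Returns 0 if clean, 1 if keys were found, 2 if FILE is unreadable.
find_plaintext_profiles() {
  [ -r "$1" ] || return 2
  awk '
    function report(   kind) {
      if (profile != "" && (id != "" || secret)) {
        kind = (id ~ /^AKIA/) ? "long-lived" : (id ~ /^ASIA/) ? "temporary" : "unknown"
        print profile, kind; found = 1
      }
      id = ""; secret = 0
    }
    /^[ \t]*[#;]/ { next }
    /^[ \t]*\[.*\][ \t\r]*$/ {
      report(); profile = $0
      gsub(/^[ \t]*\[[ \t]*|[ \t]*\][ \t\r]*$/, "", profile)
      next
    }
    {
      eq = index($0, "="); if (eq == 0) next
      key = tolower(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
      gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
      if (key == "aws_access_key_id" && val != "") id = val
      if (key == "aws_secret_access_key" && val != "") secret = 1
    }
    END { report(); exit found + 0 }
  ' "$1"
}
```

After sourcing the file, `find_plaintext_profiles ~/.aws/credentials` scans the real credentials file; a non-zero return value can fail a pre-commit hook or a workstation compliance check.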

What Undercode Say

Managing multiple AWS accounts and credentials can be challenging, but tools like aws-vault and AWS SAM make it easier and more secure. By leveraging the keychain storage of your operating system, aws-vault ensures that your credentials are not exposed in plain text files. AWS SAM, on the other hand, simplifies the deployment of serverless applications, making it an excellent choice for developers working with AWS services like S3, Lambda, and API Gateway.

To further enhance your workflow, consider integrating additional AWS CLI commands for monitoring and managing your resources. For example:
– List S3 Buckets

aws-vault exec my-profile -- aws s3 ls

– Delete an S3 Bucket (`--force` deletes every object in the bucket before removing the bucket itself)

aws-vault exec my-profile -- aws s3 rb s3://my-unique-bucket-name --force

For those working in Linux environments, you can automate credential management using shell scripts. For example:

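#!/bin/bash
# aws-vault exec hands temporary credentials to the child process as environment variables;
# aws configure get only reads the config files, so take the values from the child's environment.
# Source this script so that the exports reach your current shell.
creds=$(aws-vault exec my-profile -- env | grep -E '^AWS_(ACCESS_KEY_ID|SECRET_ACCESS_KEY|SESSION_TOKEN)=')
while IFS= read -r kv; do [ -n "$kv" ] && export "$kv"; done <<< "$creds"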

If you’re working with Windows, PowerShell scripts can achieve similar results:

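# Read the temporary credentials from the child process environment that aws-vault exec sets up
aws-vault exec my-profile -- cmd /c set AWS_ |
  Where-Object { $_ -match '^AWS_(ACCESS_KEY_ID|SECRET_ACCESS_KEY|SESSION_TOKEN)=' } |
  ForEach-Object { $name, $value = $_ -split '=', 2; Set-Item -Path "env:$name" -Value $value }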

For more advanced use cases, explore the official AWS SAM documentation.

By combining these tools and commands, you can create a secure, efficient, and scalable workflow for managing AWS resources. Whether you’re deploying serverless applications or managing multiple accounts, these practices will help you stay organized and secure.
