Skip to main content
Table of contents

AWS accounts

Use AWS on the command line


1. Create ~/.aws/config

  1. You can find the role_arn in the “Role ARN” table
  2. You can find your mfa_serial under “Assigned MFA device” in your user profile in the AWS Console, under the IAM service:

Aws how to get mfa

Create ~/.aws/config:

[profile govuk-<environment>]
source_profile = gds
role_arn = <Role ARN>
mfa_serial = <MFA ARN>

[profile gds]
region = eu-west-1
mfa_serial = <MFA ARN>

2. Create ~/.aws/credentials

First, create a pair of access keys.

Aws how to get access keys

Create ~/.aws/credentials:

aws_access_key_id = <access key id>
aws_secret_access_key = <secret access key>

3. Test it! 🚀

To test your configuration run:

aws --profile govuk-integration s3 ls

You should be prompted for an MFA token. If successful, you should receive some output.

This page was last reviewed on 7 August 2019. It needs to be reviewed again on 7 November 2019 by the page owner #govuk-2ndline .
This page was set to be reviewed before 7 November 2019 by the page owner #govuk-2ndline. This might mean the content is out of date.