Must move this page to make it public, once it is complete.
Use Case
This document shows how to setup and use the awscli-login tool to retrieve temporary AWS access keys using your Cornell netid credentials and Duo (i.e., Cornell Two-Step Login). Using temporary access keys associated with an AWS role to authenticate to the AWS Command Line Interface (CLI) is much more safer than using fixed AWS access keys tied to an IAM user. Now that this option is available to Cornell AWS users, we recommend that fixed access keys no longer be used for humans using the AWS CLI.
Prerequisites
- If you don't have the AWS CLI installed yet, that's great. Start by checking that you have Python 3.5+, then worry about the AWS CLI.
- If you already have the AWS CLI installed, you'll need to make sure that it is using Python 3.5+. If it isn't, then the awscli-login plugin won't work properly and installing it may break AWS CLI installs that are NOT using Python 3.5+.
Python 3.5+
$ python --version Python 2.7.14 # Python 2.x is installed! $ python3 --version -bash: python3: command not found # Python 3.5+ is not installed!