What are the steps needed to set up and use security for AWS command line tools?

Posted by chris on Server Fault See other posts from Server Fault or by chris
Published on 2012-10-15T17:47:10Z Indexed on 2012/10/15 21:40 UTC
Read the original article Hit count: 294

Filed under:

amazon-web-services

|

certificate

|

amazon-iam

I've been trying to set up the AWS command-line tools following Eric's most useful guide at http://alestic.com/2012/09/aws-command-line-tools.

I can't seem to find a good how-to for how to generate the x509 certificate and private key, and how that relates to the various security files the guide creates.

Update:

I have found a couple of links that describe the some steps. These steps seem to work, however I'm not sure if this is secure & the best way to do it:

1) Create a private key

openssl genrsa -out my-private-key.pem 2048

2) Create x.509 cert

openssl req -new -x509 -key my-private-key.pem -out my-x509-cert.pem -days 365

Hit enter to accept all of the defaults.

Then, from the IAM Dashboard, User, select a user & click on the "Security Credentials" tab. Click on "Manage Signing Certificates", then "Upload Signing Certificate", paste in the contents of my-x509-cert.pem, click OK and it should be accepted.

One step that is discussed, but not required for me, was the addition and subsequent removal of a pass phrase on the private key. Should I have been prompted for one, and is my cert potentially unsafe because of this?

© Server Fault or respective owner

Related posts about amazon-web-services

amazon web services and sql server support

as seen on Server Fault - Search for 'Server Fault'
Hi All, I have built my application using sql server 2008 and .net framework 3.5 I am looking for a sclable hosting service and have come to think of amazon web services. Does amazon also support hosting of sql server 2008 databases? What hosting services do you advise Thank you. >>> More
Unable to list owned images and running instances from Amazon Web Services using Zend Framework

as seen on Stack Overflow - Search for 'Stack Overflow'
I am using Zend Framework's library to manage EC2 instances and AMI. However I can't list the AMI's I own and can't list existing EC2 instances. $ec2Instance = new Zend_Service_Amazon_Ec2_Instance($awsAccessKey, $awsSecretKey); $instances = $ec2Instance ->describe(); $ec2Instance -describe()… >>> More
Amazon Web services - retrieving a wishlist

as seen on Stack Overflow - Search for 'Stack Overflow'
I've been tinkering with Yahoo Pipes and the Amazon E-Commerce Service (ECS) SDK to retrieve my wishlist. The problem is that although I can get all the items on my wishlist just fine, it seems to include items that I've deleted too. Has anyone else used this API and noticed this? Is there a way… >>> More
Amazon Web Services: A Developer Primer

as seen on Internet.com - Search for 'Internet.com'
With Amazon Web Services (AWS), developers get both scalable services that they can use to architect their applications and the flexibility to run any software on Amazon's compute cloud. >>> More
amazon web services

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, Has anyone of you worked on amazon web services? I just wanted to retrieve the citations of a given book. Is this possible using the aws? Is aws free? Thanks. >>> More

Related posts about certificate

IIS SSL Certificate Renewal Pain

as seen on West-Wind - Search for 'West-Wind'
I’m in the middle of my annual certificate renewal for the West Wind site and I can honestly say that I hate IIS’s certificate system. When it works it’s fine, but when it doesn’t man can it be a pain. Because I deal with public certificates on my site merely once a year, and you have to perform… >>> More
apache Client Certificate Authentication errors: Certificate Verification: Error (18): self signed certificate

as seen on Server Fault - Search for 'Server Fault'
So I have been following instructions on setting up Client Certificate Authentication in Apache2 w/ mod_ssl. This is solely for the purpose of testing an application against CAA, not for any sort of production use. So far I've followed http://www.impetus.us/~rjmooney/projects/misc/clientcertauth… >>> More
Nginx and client certificates from hierarchical OpenSSL-based certification authorities

as seen on Server Fault - Search for 'Server Fault'
I'm trying to set up root certification authority, subordinate certification authority and to generate the client certificates signed by any of this CA that nginx 0.7.67 on Debian Squeeze will accept. My problem is that root CA signed client certificate works fine while subordinate CA signed one results… >>> More
How to find, whether the certificate is a private certificate or a public certificate

as seen on Stack Overflow - Search for 'Stack Overflow'
I have to write a MSI, where in i have to give only the public certicate. In case the user gives a private certificate, it should pop up an error message. >>> More
Developer certificate vs purchased certificate for WCF

as seen on Stack Overflow - Search for 'Stack Overflow'
I understsand that if I want to use authentication in WCF then I need to install a certificate on my server which WCF will use to encrypt data passing between my server and client. For development purposes I believe I can use the makecert.exe util. to make a development certificate. What is the… >>> More