Skip to content
Luca Dell'Oca Principal Cloud Architect @Veeam
Virtual To The Core Virtual To The Core

Virtualization blog, the italian way.

  • Media
  • About me
Virtual To The Core
Virtual To The Core

Virtualization blog, the italian way.

Using AWS credentials in Powershell scripts

Luca Dell'Oca, March 24, 2020March 21, 2020

Lately I was updating a couple of my scripts, and when I re-used my script that automatically updates AWS records for Let’s Encrypt DNS challenges, I realised that I never stored my AWS credentials anywhere, but I was just using those cached into my powershell environment. Time to have some proper credential management.

Some theory

AWS Powershell toolkit stores the credentials in two possible ways.

First option is the AWS SDK store, which encrypts your credentials and stores them in your home folder. In Windows, this store is located at:

C:\Users\username\AppData\Local\AWSToolkit\RegisteredAccounts.json

The other option is the shared credentials file, which is also located in your home folder, but stores credentials as plain text. By default, the credentials file is stored in:

C:\Users\username\.aws\credentials

Needless to say, I really prefer the cyphered SDK store. Mine was sadly empty, as an additional proof that I never really used it.

Storing AWS credentials in profiles

So, how do we store the credentials there? It’s really simple. Once we have our Access Key and Secret Key couple, we can store them as a Profile in the SDK Store. In this way, the profile can then be invoked inside other scripts, without the need to remember the keys or to show them in clear text.

This is how we save the couple in a new profile:

Set-AWSCredential -AccessKey AKIA0123456787EXAMPLE -SecretKey wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY -StoreAs MyNewProfile

Then, we can check the list of existing profiles using

Get-AWSCredential -ListProfileDetail

Together with the TestProfile that I created in this blog post, I have a real profile, that I use to update Route53 in my Let’s Encrypt script. They are both stored into the RegisteredAccounts.json file.

Using the profiles in scripts

Now that the profile has been stored, we can use it in our script.

All AWS tools can find your credentials automatically on your local computer if the credentials are stored in a profile named default. I don’t have my profile stored like this, so I need to load it in my script explicitely. To do so, I can use:

Set-AWSCredential -ProfileName MyProfileName

The profile can now be used in the script.

Share this:

  • Click to share on X (Opens in new window) X
  • Click to share on Facebook (Opens in new window) Facebook
  • Click to share on LinkedIn (Opens in new window) LinkedIn
  • Click to email a link to a friend (Opens in new window) Email
  • Click to share on Tumblr (Opens in new window) Tumblr
  • Click to share on Pinterest (Opens in new window) Pinterest
  • Click to share on Reddit (Opens in new window) Reddit
  • Click to share on WhatsApp (Opens in new window) WhatsApp
  • Click to share on Pocket (Opens in new window) Pocket
Tech awscredentialpowershellscript

Post navigation

Previous post
Next post

Search

Sponsors

Latest Posts

  • Migrate WSL (Windows Subsystem for Linux) to a new computer
  • Pass keystrokes to a pfSense virtual machine to install it automatically
  • Automatically deploy pfSense with Terraform and Ansible
  • My Automated Lab project: #6 Create a S3 Bucket with Terraform
  • My Automated Lab project: #5 Deploy a Linux vSphere VM with Terraform and custom disks
©2025 Virtual To The Core | WordPress Theme by SuperbThemes
We use cookies to ensure that we give you the best experience on our website, and to collect anonymous data regarding navigations stats using 3rd party plugins; they all adhere to the EU Privacy Laws. If you continue to use this site we will assume that you are ok with it.OkNoPrivacy Policy