Credential and profile resolution - AWS Tools for PowerShell

Credential and profile resolution

Credentials Search Order

When you run a command, AWS Tools for PowerShell searches for credentials in the following order. It stops when it finds usable credentials.

  1. Literal credentials that are embedded as parameters in the command line.

    We strongly recommend using profiles instead of putting literal credentials in your command lines.

  2. A specified profile name or profile location.

    • If you specify only a profile name, the command looks for the specified profile in the AWS SDK store and, if it is not found there, in the AWS shared credentials file in the default location.

    • If you specify only a profile location, the command looks for the default profile in that credentials file.

    • If you specify both a name and a location, the command looks for the specified profile in that credentials file.

    If the specified profile or location is not found, the command throws an exception. Search proceeds to the following steps only if you did not specify a profile or location.

  3. Credentials specified by the -Credential parameter.

  4. The session profile, if one exists.

  5. The default profile, in the following order:

    1. The default profile in the AWS SDK store.

    2. The default profile in the AWS shared credentials file.

    3. The AWS PS Default profile in the AWS SDK store.

  6. If the command is running on an Amazon EC2 instance that is configured to use an IAM role, the EC2 instance's temporary credentials accessed from the instance profile.

    For more information about using IAM roles for Amazon EC2 instances, see the AWS SDK for .NET.

If this search fails to locate the specified credentials, the command throws an exception.
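
When auditing a host, it helps to know which fallback source a cmdlet would use if no credential or profile parameter is passed (steps 4 to 6 above). The following is an added example, not code from the AWS documentation. The function name `Get-AwsFallbackCredentialSource` is hypothetical, and the script assumes the AWS Tools for PowerShell module is already imported.

```powershell
# Added example (not from the AWS documentation).
# Steps 1-3 are per-command parameters, so this covers only the fallback
# steps 4-6 that apply when a command names no credentials or profile.
function Get-AwsFallbackCredentialSource {   # hypothetical helper name
    [CmdletBinding()]
    param()

    # Step 4: session profile. Set-AWSCredential (without -StoreAs) keeps the
    # credentials for the current shell in the $StoredAWSCredentials variable.
    $session = Get-Variable -Name StoredAWSCredentials -ValueOnly -ErrorAction SilentlyContinue
    if ($null -ne $session) {
        return [pscustomobject]@{
            Step = '4'; Source = 'Session profile'; Profile = $null; Location = 'current shell'
        }
    }

    # Step 5: default profiles, checked in the documented order.
    $searchOrder = @(
        @{ Step = '5.1'; Name = 'default';        Store = 'NetSDKCredentialsFile' },
        @{ Step = '5.2'; Name = 'default';        Store = 'SharedCredentialsFile' },
        @{ Step = '5.3'; Name = 'AWS PS Default'; Store = 'NetSDKCredentialsFile' }
    )
    # Lists profiles in the SDK store and in the shared credentials file
    # at its default location.
    $profiles = @(Get-AWSCredential -ListProfileDetail)
    foreach ($candidate in $searchOrder) {
        $hit = $profiles | Where-Object {
            $_.ProfileName -eq $candidate.Name -and $_.StoreTypeName -eq $candidate.Store
        } | Select-Object -First 1
        if ($hit) {
            return [pscustomobject]@{
                Step = $candidate.Step; Source = $candidate.Store
                Profile = $hit.ProfileName; Location = $hit.ProfileLocation
            }
        }
    }

    # Step 6: nothing local was found. Only an EC2 instance configured with an
    # IAM role can still supply credentials; anywhere else the command throws.
    [pscustomobject]@{
        Step = '6'; Source = 'EC2 instance profile (if configured), otherwise exception'
        Profile = $null; Location = $null
    }
}

Get-AwsFallbackCredentialSource | Format-List
```

A result at step 4 or 5 on an EC2 instance means a stored profile takes precedence over the instance role's temporary credentials, which is worth reviewing if the role was meant to be the only credential source.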