Working with AWS accounts
Many teams in MHCLG use Amazon Web Services (AWS) as their infrastructure provider.
Request AWS user access
People joining MHCLG do not automatically have access to AWS. To grant a user access to AWS you’ll need to follow the guidance How to Request an AWS User Account.
Use the command line
There are several command line tools you can use to work with AWS, such as:
- AWS Command Line Interface (AWS CLI) - to manage your AWS services
- AWS Shell - an integrated shell for working with the AWS CLI
- Terraform - for building, changing, and versioning infrastructure
These tools need credentials to access AWS. We recommend using aws-vault to manage your credentials.
Installing aws-vault
aws-vault needs to be installed and available on your PATH. The
easiest way to do this is via Homebrew: brew install --cask aws-vault.
Using aws-vault
Follow the guidance in Programmatic Access and Federated Access.
You can execute commands with credentials stored in AWS Vault using the aws-vault exec command.
For example, to list S3 buckets in the developer account run:
aws-vault exec developer -- aws s3 ls