wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-09-16 17:03:15 +02:00
Code Issues Projects Releases Wiki Activity
algo/docs/aws-credentials.md
Dan Guido cddb5df395
Add comprehensive pre-commit hooks for code quality (#14831) 
* Add comprehensive pre-commit hooks for code quality

- Set up pre-commit framework with hooks for Python, YAML, Ansible, and shell
- Configure ruff for Python linting and formatting
- Add yamllint for YAML validation
- Include ansible-lint and syntax checks
- Add shellcheck for shell scripts
- Create development documentation
- Auto-fix trailing whitespace and file endings

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

* Remove redundant DEVELOPMENT.md and update CONTRIBUTING.md

- Removed docs/DEVELOPMENT.md as it was redundant with existing documentation
- Added pre-commit hooks setup instruction to CONTRIBUTING.md for contributors
- Consolidated development guidance into a single location

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

---------

Co-authored-by: Claude <noreply@anthropic.com>
2025-09-15 10:03:46 -04:00

1.9 KiB
Raw Blame History

AWS Credential Configuration

Algo supports multiple methods for providing AWS credentials, following standard AWS practices:

Methods (in order of precedence)

  1. Command-line variables (highest priority)

    ./algo -e "aws_access_key=YOUR_KEY aws_secret_key=YOUR_SECRET"

  2. Environment variables

    export AWS_ACCESS_KEY_ID=YOUR_KEY
export AWS_SECRET_ACCESS_KEY=YOUR_SECRET
export AWS_SESSION_TOKEN=YOUR_TOKEN  # Optional, for temporary credentials
./algo

  3. AWS credentials file (lowest priority)

    • Default location: ~/.aws/credentials
    • Custom location: Set AWS_SHARED_CREDENTIALS_FILE environment variable
    • Profile selection: Set AWS_PROFILE environment variable (defaults to "default")

Using AWS Credentials File

After running aws configure or manually creating ~/.aws/credentials:

[default]
aws_access_key_id = YOUR_KEY_ID
aws_secret_access_key = YOUR_SECRET_KEY

[work]
aws_access_key_id = WORK_KEY_ID
aws_secret_access_key = WORK_SECRET_KEY
aws_session_token = TEMPORARY_TOKEN  # Optional

To use a specific profile:

AWS_PROFILE=work ./algo

Security Considerations

  • Credentials files should have restricted permissions (600)
  • Consider using AWS IAM roles or temporary credentials when possible
  • Tools like aws-vault can provide additional security by storing credentials encrypted

Troubleshooting

If Algo isn't finding your credentials:

  1. Check file permissions: ls -la ~/.aws/credentials
  2. Verify the profile name matches: AWS_PROFILE=your-profile
  3. Test with AWS CLI: aws sts get-caller-identity

If credentials are found but authentication fails:

  • Ensure your IAM user has the required permissions (see EC2 deployment guide)
  • Check if you need session tokens for temporary credentials