mirror of
https://github.com/trailofbits/algo.git
synced 2025-09-17 09:23:10 +02:00
cddb5df395
* Add comprehensive pre-commit hooks for code quality - Set up pre-commit framework with hooks for Python, YAML, Ansible, and shell - Configure ruff for Python linting and formatting - Add yamllint for YAML validation - Include ansible-lint and syntax checks - Add shellcheck for shell scripts - Create development documentation - Auto-fix trailing whitespace and file endings 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * Remove redundant DEVELOPMENT.md and update CONTRIBUTING.md - Removed docs/DEVELOPMENT.md as it was redundant with existing documentation - Added pre-commit hooks setup instruction to CONTRIBUTING.md for contributors - Consolidated development guidance into a single location 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Claude <noreply@anthropic.com>
61 lines
1.9 KiB
Markdown
61 lines
1.9 KiB
Markdown
# AWS Credential Configuration
|
|
|
|
Algo supports multiple methods for providing AWS credentials, following standard AWS practices:
|
|
|
|
## Methods (in order of precedence)
|
|
|
|
1. **Command-line variables** (highest priority)
|
|
```bash
|
|
./algo -e "aws_access_key=YOUR_KEY aws_secret_key=YOUR_SECRET"
|
|
```
|
|
|
|
2. **Environment variables**
|
|
```bash
|
|
export AWS_ACCESS_KEY_ID=YOUR_KEY
|
|
export AWS_SECRET_ACCESS_KEY=YOUR_SECRET
|
|
export AWS_SESSION_TOKEN=YOUR_TOKEN # Optional, for temporary credentials
|
|
./algo
|
|
```
|
|
|
|
3. **AWS credentials file** (lowest priority)
|
|
- Default location: `~/.aws/credentials`
|
|
- Custom location: Set `AWS_SHARED_CREDENTIALS_FILE` environment variable
|
|
- Profile selection: Set `AWS_PROFILE` environment variable (defaults to "default")
|
|
|
|
## Using AWS Credentials File
|
|
|
|
After running `aws configure` or manually creating `~/.aws/credentials`:
|
|
|
|
```ini
|
|
[default]
|
|
aws_access_key_id = YOUR_KEY_ID
|
|
aws_secret_access_key = YOUR_SECRET_KEY
|
|
|
|
[work]
|
|
aws_access_key_id = WORK_KEY_ID
|
|
aws_secret_access_key = WORK_SECRET_KEY
|
|
aws_session_token = TEMPORARY_TOKEN # Optional
|
|
```
|
|
|
|
To use a specific profile:
|
|
```bash
|
|
AWS_PROFILE=work ./algo
|
|
```
|
|
|
|
## Security Considerations
|
|
|
|
- Credentials files should have restricted permissions (600)
|
|
- Consider using AWS IAM roles or temporary credentials when possible
|
|
- Tools like [aws-vault](https://github.com/99designs/aws-vault) can provide additional security by storing credentials encrypted
|
|
|
|
## Troubleshooting
|
|
|
|
If Algo isn't finding your credentials:
|
|
|
|
1. Check file permissions: `ls -la ~/.aws/credentials`
|
|
2. Verify the profile name matches: `AWS_PROFILE=your-profile`
|
|
3. Test with AWS CLI: `aws sts get-caller-identity`
|
|
|
|
If credentials are found but authentication fails:
|
|
- Ensure your IAM user has the required permissions (see [EC2 deployment guide](deploy-from-ansible.md))
|
|
- Check if you need session tokens for temporary credentials
|