
The AWS credential search order
AWS Tools stores the credentials in the C:\Users\<username>\AppData\Local\AWSToolkit\RegisteredAccounts.json file. This file stores your access and secret access keys in an encrypted format. Even if you copy this file to a different computer, you cannot use it there. This is the first file that AWS Tools for PowerShell searches on the Windows platform for AWS credentials. You can also write the credentials to a different file as follows:
PS C:\> Set-AWSCredentials -AccessKey {xx} -SecretKey {xx} -StoreAs {ProfileName} -ProfilesLocation c:\AWSTools\MyCredential
By default, on a Windows platform, the AWS Tools for Windows PowerShell modules read profiles from the file C:\Users\<userid>\.aws\credentials. Don't get confused here: I specifically mentioned AWS Tools for Windows PowerShell and not AWS Tools for PowerShell Core. AWS Tools for PowerShell Core still stores credentials in C:\Users\<username>\AppData\Local\AWSToolkit\RegisteredAccounts.json. On Linux, the file is at ~/.aws/credentials. Here are the high-level steps for the credential search:
- Literal credentials in the cmdlet
- Profile names or profile locations
- Credentials specified by the credential parameter
- PowerShell session profiles
- Default profiles set in PowerShell for the AWS access
- The EC2 instance credentials, if the EC2 instance is configured for an IAM role
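
A defender's check of the sources listed above, as an added example that is not from the original text: it reports which of the credential files named in this section exist on a Windows host, which hold keys in plaintext, and which identities besides the owner can read them. It assumes the AWS Tools for PowerShell module is already imported; `Get-CredentialFileReport` is a hypothetical helper name, and `$StoredAWSCredentials` is the session variable that `Set-AWSCredentials` sets when `-StoreAs` is omitted.

```powershell
# Added example, not from the original text. Run in a session where the
# AWS Tools for PowerShell module is already imported.
$candidates = @(
    # Encrypted store named in this section
    [pscustomobject]@{ Source = 'Encrypted store'; Plaintext = $false
        Path = Join-Path $env:LOCALAPPDATA 'AWSToolkit\RegisteredAccounts.json' }
    # Shared credentials file named in this section (INI text, not encrypted)
    [pscustomobject]@{ Source = 'Shared credentials file'; Plaintext = $true
        Path = Join-Path $env:USERPROFILE '.aws\credentials' }
    # Custom location from the Set-AWSCredentials example in this section
    [pscustomobject]@{ Source = 'Custom -ProfilesLocation file'; Plaintext = $true
        Path = 'C:\AWSTools\MyCredential' }
)

# Hypothetical helper: for each file that exists, list identities other than
# the owner, SYSTEM and Administrators that hold an Allow ACE with ReadData.
function Get-CredentialFileReport {
    param([object[]]$Candidates)
    $readData = [System.Security.AccessControl.FileSystemRights]::ReadData
    foreach ($c in $Candidates) {
        if (-not (Test-Path -LiteralPath $c.Path -PathType Leaf)) { continue }
        $acl = Get-Acl -LiteralPath $c.Path
        $trusted = @($acl.Owner, 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')
        $others = $acl.Access |
            Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                ($_.FileSystemRights -band $readData) -and
                $_.IdentityReference.Value -notin $trusted
            } |
            ForEach-Object { $_.IdentityReference.Value } |
            Sort-Object -Unique
        [pscustomobject]@{
            Source       = $c.Source
            Path         = $c.Path
            Plaintext    = $c.Plaintext
            OtherReaders = ($others -join ', ')
        }
    }
}

Get-CredentialFileReport -Candidates $candidates | Format-Table -AutoSize

# Profiles the module can see, with the store each one lives in
$profiles = Get-AWSCredential -ListProfileDetail
$profiles | Format-Table ProfileName, StoreTypeName, ProfileLocation -AutoSize

# Session-level and default-profile sources from the search order
$session = Get-Variable -Name StoredAWSCredentials -ErrorAction SilentlyContinue
"Session credentials set:  " + [bool]($session -and $session.Value)
"Profile 'default' exists: " + [bool]($profiles | Where-Object ProfileName -eq 'default')
```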