Using Credentials

Amazon Elastic Compute Cloud: 2009-08-15

previous page next page

Using Credentials

Topics

How to Log In with Your Amazon Login and Password
  • How to Get Your Access Key ID and Secret Access Key
  • How to Create an X.509 Certificate and Private Key
  • SSH Key Pair
  • Windows Administrator Password
  • Viewing Your Account ID
  • Related Topics

    • This section describes how to use Amazon EC2 credentials.

    Amazon EC2 Credentials

    • Amazon Login and Password—Used to sign up for Amazon EC2 and other services, view your bills, perform account-based tasks, and get many of your security credentials. Additionally, they are used by the AWS Management Console. For information on how to log in with your Amazon login and password, see SSH Key Pair.

    • Access Key ID and Secret Access Key—Used most commonly used set of AWS credentials, they are used to make Query and REST-based requests and are commonly used by UI-based tools, such as ElasticFox. For more information, see Windows Administrator Password.

    • X.509 Certificate and Private Key—The X.509 Certificate and Private Key are used by the command line tools and SOAP. For more information, see Windows Administrator Password.

    • Access Key ID and Secret Access Key—Used to access instances after they launch through SSH and to generate passwords used by Remote Desktop. For more information, see SSH Key Pair.

    • EC2 (SSH) Key pair—Used to access Windows instances through Remote Desktop. For more information, see Windows Administrator Password.

    • Account ID— For more information, see Windows Administrator Password.

    How to Log In with Your Amazon Login and Password

    The Amazon login and password enable you to sign up for services, view your bills, perform account-based tasks, and get many of your security credentials. These credentials are also used to perform Amazon EC2 tasks through the AWS Management Console.

    This section describes how to get your Amazon login and password.

    To get your Amazon login and password (if you have an existing account)

    1. Go to the AWS Web Site.

    2. Select an option from the Your Account menu. The Amazon Web Services Sign In page appears.

    3. Enter your e-mail address, select I am a returning user and my password is, enter your password, and click the Sign In button.

    To get a new Amazon login and password

    1. Go to the AWS Web Site.

    2. Click Create an AWS Account.

      The Amazon Web Services Sign In page appears.

    3. Select I am a new user and click the Sign In button.

    4. Follow the on-screen prompts to create a new account.

    [Note] Note

    It is important to keep your Amazon login and password secret as they can be used to view and create new credentials. As an increased security measure, we offer Multi-Factor Authentication, which uses the combination of a physical device and passcode to login to your AWS account. For more information, go to http://aws.amazon.com/mfa.

    How to Get Your Access Key ID and Secret Access Key

    The Access Key ID and Secret Access Key are the most commonly used set of AWS credentials. They are used to make Query and REST-based requests and are commonly used by UI-based tools, such as ElasticFox. You can use up to two sets of Access Keys at a time. You can generate new keys at any time or disable existing keys.

    To get your Access Key ID and Secret Access Key

    1. Go to the AWS Web Site.

    2. Point to Your Account and select Security Credentials.

      If you are not already logged in, you are prompted to do so.

    3. Scroll down to the Access Credentials section and verify the Access Keys tab is selected.

    4. Locate an active Access Key in the Your Access Keys list.

    5. To display the Secret Access Key, click Show in the Secret Access Key column.

    6. Write down the keys or save them.

    7. If there are no Access Keys in the list, click Create a New Access Key and follow the on-screen prompts.

    How to Create an X.509 Certificate and Private Key

    The X.509 Certificate and Private Key are used by the command line tools and SOAP. You can download the private key file once. If you lose it, you will need to create a new certificate. Up to two certificates can be active at any time.

    This section describes how to create a new certificate.

    To create a certificate

    [Note] Note

    For Windows, there can be no spaces in the path. For example, C:\EC2 is acceptable, but C:\My Documents\EC2 is not.

    1. Go to the AWS Web Site.

    2. Point to Your Account and select Security Credentials.

      If you are not already logged in, you are prompted to do so.

    3. Click the X.509 Certificates tab

    4. Click Create a New Certificate and follow the on-screen prompts.

    5. To display the Secret Access Key, click Show in the Secret Access Key column.

      The new Certificate is created and appears in the X.509 Certificate list. You are prompted to download the certificate and private key files.

    6. Create a .ec2 directory in your home directory, and save these files to it with the filenames offered by your browser.

      You should end up with a PEM-encoded X.509 certificate and a private key file named as shown in the following examples. The following is an example of a PEM encoded signed X.509 certificate file: cert-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem. The following is an example of an unencrypted, PEM encoded RSA private key file that corresponds to the X.509 certificate file: pk-HKZYKTAIG2ECMXYIBH3HXV4ZBZQ55CLO.pem.

    SSH Key Pair

    You must create a public/private key pair to ensure that only you have access to instances that you launch. After you generate a key pair, the public key is stored in Amazon EC2 using the key pair name you selected. Whenever you launch an instance using the key pair name, the public key is copied to the instance metadata. This allows you to access the instance securely using your private key.

    For information on how to get the create key pairs, see How to Generate an SSH Key Pair.

    Windows Administrator Password

    The Windows administrator password is used to access a Windows instance through Remote Desktop for the first time only. If you change the password or rebundle the AMI, the instance will use the last set password. For information on how to get the Windows administrator password through the command line tools or the AWS Management Console, see ???.

    Viewing Your Account ID

    The Account ID identifies your account to AWS and enables other accounts to access resources that you want to share, such as Amazon EC2 AMIs and Amazon EBS snapshots.

    To view your Account ID

    1. Go to the AWS Web Site.

    2. Point to Your Account and select Security Credentials.

      If you are not already logged in, you are prompted to do so.

    3. Scroll down to the section that contains information about your account.

    4. Click Create a New Certificate and follow the on-screen prompts.

    5. Locate your AWS Account ID.

    For information on how to share AMIs, see How to Share AMIs. For information on how to share snapshots, see How to Modify Snapshot Permissions.

    [Note] Note

    The Account ID number is not a secret. When granting access to resources, make sure to specify the Account ID without hyphens.

    The canonical ID is used by Amazon S3.

    previous page start next page