-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathAWS_config.qmd
84 lines (70 loc) · 3.17 KB
/
AWS_config.qmd
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
---
execute:
eval: false
---
# Setting up access to the Amazon S3 bucket {#sec-aws_setup}
To access data that is stored in private AWS S3 cloud storage buckets access credentials must be set. This guide provides step-by-step instructions for configuring AWS credentials using two methods and using them with various tools.
## Method 1
The first method of setting up only needs to be configured once per device/profile. This is the suggested method if using a personal device that will access the AWS bucket often. Additional help and information can be found https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html. GDAL, Python and R packages, the AWS CLI, etc. will all detect this login info automatically if it is done correctly.
**Steps**:
1. Create a directory called .aws in the home directory.
2. In ~/.aws/ create an empty file called 'credentials'.
- **IMPORTANT NOTE: This is basically just a text file, but there should be there is no file extension. If the file is named credential.txt, it will not work.**
3. Open this file with a txt editor and create a [default] profile with the access_key_id and secret_access_key.
4. Create other profiles as needed with other access keys and secret keys.
5. Although not always required (GDAL presets to AWS_REGION = "us-east-1"), if dealing with buckets in multiple regions or getting an error about the region/a key not being found, a config file specifying the region and return type can be made. Keep the output set to json. *NOTE:* This is the bucket region, not the region of the user. **For the digital-atlas bucket, the region is "us-east-1"**
### Example:
**File locations**:
```
Linux or macOS:
~/.aws/credentials AKA /home/USERNAME/.aws/credentials
Windows:
C:\Users\USERNAME\.aws\credentials
```
**Credentials file**:
```
[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
[read_only_user]
aws_access_key_id=AKIAI44QH8DHBEXAMPLE
aws_secret_access_key=je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY
[zarr_bucket]
aws_access_key_id=AKIAI46QZ8DHBEXAMPLE
aws_secret_access_key=xl7MjGbClwBF/2hp9Htk/h3gCo7nvbEXAMPLEKEY
```
**Config file**:
```
[default]
region=us-east-1
output=json
[profile read_only_user]
region=us-west-2
output=json
[profile zarr_bucket]
region=us-west-2
output=text
```
## Method 2
This method sets the AWS details as environmental variables and needs to be reconfigured each time a session ends. This can also be used to override the above ~/.aws/credentials or ~/.aws/config variables if needed. It can be done from within R or Python or through the command line.
R:
```{r}
Sys.setenv(
AWS_ACCESS_KEY_ID = 'AKIAIOSFODNN7EXAMPLE',
AWS_SECRET_ACCESS_KEY = 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
AWS_REGION = "us-east-1"
)
```
Python:
```{python python.reticulate = FALSE}
import os
os.environ['AWS_ACCESS_KEY_ID'] = 'AKIAIOSFODNN7EXAMPLE'
os.environ['AWS_SECRET_ACCESS_KEY'] = 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'
os.environ['AWS_REGION'] = "us-east-1"
```
Linux/macOS shell:
```{bash}
export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
export AWS_DEFAULT_REGION=us-east-1
```