AWS_config.qmd

---
execute:
  eval: false
---

# Setting up access to the Amazon S3 bucket {#sec-aws_setup}
To access data that is stored in private AWS S3 cloud storage buckets access credentials must be set. This guide provides step-by-step instructions for configuring AWS credentials using two methods and using them with various tools.

## Method 1
The first method of setting up only needs to be configured once per device/profile. This is the suggested method if using a personal device that will access the AWS bucket often. Additional help and information can be found https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html. GDAL, Python and R packages, the AWS CLI, etc. will all detect this login info automatically if it is done correctly. 

**Steps**: 

1. Create a directory called .aws in the home directory.
2. In ~/.aws/ create an empty file called 'credentials'. 
   - **IMPORTANT NOTE: This is basically just a text file, but there should be there is no file extension. If the file is named credential.txt, it will not work.**
3. Open this file with a txt editor and create a [default] profile with the access_key_id and secret_access_key.
4. Create other profiles as needed with other access keys and secret keys.
5. Although not always required (GDAL presets to AWS_REGION = "us-east-1"), if dealing with buckets in multiple regions or getting an error about the region/a key not being found, a config file specifying the region and return type can be made. Keep the output set to json. *NOTE:* This is the bucket region, not the region of the user. **For the digital-atlas bucket, the region is "us-east-1"**

### Example:

**File locations**:
```
Linux or macOS:
~/.aws/credentials AKA /home/USERNAME/.aws/credentials 

Windows:
C:\Users\USERNAME\.aws\credentials
```
**Credentials file**:
```
[default]
aws_access_key_id=AKIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

[read_only_user]
aws_access_key_id=AKIAI44QH8DHBEXAMPLE
aws_secret_access_key=je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY

[zarr_bucket]
aws_access_key_id=AKIAI46QZ8DHBEXAMPLE
aws_secret_access_key=xl7MjGbClwBF/2hp9Htk/h3gCo7nvbEXAMPLEKEY
```
**Config file**:
```
[default]
region=us-east-1
output=json

[profile read_only_user]
region=us-west-2
output=json

[profile zarr_bucket]
region=us-west-2
output=text
```
## Method 2
This method sets the AWS details as environmental variables and needs to be reconfigured each time a session ends. This can also be used to override the above ~/.aws/credentials or  ~/.aws/config variables if needed. It can be done from within R or Python or through the command line. 

R: 
```{r}
Sys.setenv(
    AWS_ACCESS_KEY_ID = 'AKIAIOSFODNN7EXAMPLE',
    AWS_SECRET_ACCESS_KEY = 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
    AWS_REGION = "us-east-1"
    )
```

Python:
```{python python.reticulate = FALSE}
import os
os.environ['AWS_ACCESS_KEY_ID'] = 'AKIAIOSFODNN7EXAMPLE'
os.environ['AWS_SECRET_ACCESS_KEY'] = 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'
os.environ['AWS_REGION'] = "us-east-1"
```

Linux/macOS shell:
```{bash}
export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
export AWS_DEFAULT_REGION=us-east-1
```