[cs615asa] Some questions about env setup and X.509 certificate

hchen29 hchen29 at stevens.edu
Fri Jan 30 01:45:54 EST 2015 

On 01/29/2015 10:30 PM, Julian Sexton wrote:
>>>> If you use the linux-lab to do these work, you do not need to do
>>>> preperations. The aws tools have been installed on the linux-lab
>>>> system. That's the reason why you do not need to configure the
>>>> environment variables. But if you do that on your personal computer,
>>>> you should follow those steps. The certificate and the private key,
>>>> I think, are used to make sure you are the person who is allowed to
>>>> use the AWS service. If you do not have the certification, you
>>>> cannot use Amazon Web Service; in specific, you cannot use "aws"
>>>> command to deploy your instances. The aws configure asks you to
>>>> enter your access key, that does the same work.
> 
> Just to confirm, this assignment does require an amazon account,
> right? I actually went through the entire setup process, with private
> keys, certificates, aws configure, etc,  on the linux lab, so I'm
> still trying to figure out how much of this was unnecessary (and how
> much I need to undo to get it to use the school's account). As far as
> I can tell, "aws configure" needs information (key + id) from an
> amazon account (and I can't seem to find a way to unconfigure to test
> it), but how does it verify against that key and the school's
> certificate (two different owners)? Or does it just pick one of the
> two and verify that?
> 
> -Julian
> 
Hello Julian,
A good question. X.509 and Access keys are two different security 
policies for different uses. X.509 is the asymmetric key 
cryptography--RSA, while Access Keys is symmetric key cryptography. The 
details of when to use the X.509 and Access keys can be got from this 
link: 
http://docs.aws.amazon.com/AWSSecurityCredentials/1.0/AboutAWSCredentials.html#QuickStart
Here is a funny thing you can see from that website. It is said that the 
EC2 CLI should use X.509. That's the reason why you need to setup the 
CLI and configure the environment variables, if you want to use the CLI 
on your personal computer. However, if you use the installed tools on 
linux-lab, you need to type your Access keys and Security Access Keys 
when you use the command "aws configure". Attention, it's not X.509! 
Why? They are two differnt tools!

> _______________________________________________
> cs615asa mailing list
> cs615asa at lists.stevens.edu
> https://lists.stevens.edu/mailman/listinfo/cs615asa

More information about the cs615asa mailing list