[cs615asa] Some questions about env setup and X.509 certificate

hchen29 hchen29 at stevens.edu
Fri Jan 30 01:47:59 EST 2015

On 01/30/2015 1:45 AM, hchen29 wrote:
> On 01/29/2015 10:30 PM, Julian Sexton wrote:
>>>>> If you use the linux-lab to do these work, you do not need to do
>>>>> preperations. The aws tools have been installed on the linux-lab
>>>>> system. That's the reason why you do not need to configure the
>>>>> environment variables. But if you do that on your personal 
>>>>> computer,
>>>>> you should follow those steps. The certificate and the private key,
>>>>> I think, are used to make sure you are the person who is allowed to
>>>>> use the AWS service. If you do not have the certification, you
>>>>> cannot use Amazon Web Service; in specific, you cannot use "aws"
>>>>> command to deploy your instances. The aws configure asks you to
>>>>> enter your access key, that does the same work.
>> Just to confirm, this assignment does require an amazon account,
>> right? I actually went through the entire setup process, with private
>> keys, certificates, aws configure, etc,  on the linux lab, so I'm
>> still trying to figure out how much of this was unnecessary (and how
>> much I need to undo to get it to use the school's account). As far as
>> I can tell, "aws configure" needs information (key + id) from an
>> amazon account (and I can't seem to find a way to unconfigure to test
>> it), but how does it verify against that key and the school's
>> certificate (two different owners)? Or does it just pick one of the
>> two and verify that?
>> -Julian
>> Hello Julian,
> A good question. X.509 and Access keys are two different security
> policies for different uses. X.509 is the asymmetric key
> cryptography--RSA, while Access Keys is symmetric key cryptography.
> The details of when to use the X.509 and Access keys can be got from
> this link:
> http://docs.aws.amazon.com/AWSSecurityCredentials/1.0/AboutAWSCredentials.html#QuickStart
> Here is a funny thing you can see from that website. It is said that
> the EC2 CLI should use X.509. That's the reason why you need to setup
> the CLI and configure the environment variables, if you want to use
> the CLI on your personal computer. However, if you use the installed
> tools on linux-lab, you need to type your Access keys and Security
> Access Keys when you use the command "aws configure". Attention, it's
> not X.509! Why? They are two differnt tools!

If you are using the EC2 CLI it is X.509. But the AWS CLI, as far as I 
can see, it's Access keys. If you want to know why they are different.. 
If you know please share the idea with me :)

Hanxiong Chen

>> _______________________________________________
>> cs615asa mailing list
>> cs615asa at lists.stevens.edu
>> https://lists.stevens.edu/mailman/listinfo/cs615asa
> _______________________________________________
> cs615asa mailing list
> cs615asa at lists.stevens.edu
> https://lists.stevens.edu/mailman/listinfo/cs615asa

More information about the cs615asa mailing list