[cs615asa] Some questions about env setup and X.509 certificate

Jan Schaumann jschauma at stevens.edu
Fri Jan 30 14:16:47 EST 2015


hchen29 <hchen29 at stevens.edu> wrote:

> If you are using the EC2 CLI it is X.509. But the AWS CLI, as far as I  
> can see, it's Access keys.

Correct.

As explained in detail on
docs.aws.amazon.com/AWSSecurityCredentials/1.0/AboutAWSCredentials.html,
different access methods use different authentication mechanisms.

As you read the above document, keep in mind that AWS is used by
organizations with significant access and privacy needs, and that your
specific use case may not have the same requirements as those that
others have.  The different authentication mechanisms have their own
advantages and disadvantages.


The "EC2 CLI" tools are also installed on linux-lab under
/opt/ec2tools-1.4, and those utilize the certificate for authentication
to AWS.  These use asymmetric key cryptography, allowing you to retain
full control of the private key at the cost of having to manage and
distribute the key material yourself.

The 'aws' utility under /usr/local/bin uses "Access keys".  This is a
form of symmetric key cryptography, where the private key is available
on both ends (Amazon's and yours).

-Jan

P.S.: Please restrict what you're quoting to only that which is
necessary to retain context.  Fully quoting several emails means people
have to scroll through several pages of text to get to your comment.


More information about the cs615asa mailing list