1 Answer
- Newest
- Most votes
- Most comments
0
Hi Lin,
Current best practice is to use the AWS CLI in conjunction with AWS IAM Identity Center for workforce usage of AWS CLI . This allows you to obtain short-lived credentials and have the users logging in using the best practices including MFA if you have it set it up that way. You probably find many tutorials with IAM User usage because that option has been available for several years (10+) and used to be the standard, while the Identity Center integration with AWS CLI it's way more recent (3 years or so I believe) and it's the current best practice.
So to your questions;
- No, there is no long term problem, we prefer you using it with IAM Identity Center (with MFA if possible please!)
- While it's possible to have multiple configurations, you shouldn't require to use IAM Users with AWS CLI unless you have a specific use case which requires you to have a IAM User rather than a IAM Role. This could happen when you want to provide access to your environment to an application that lives outside of AWS (IE: A non-AWS third party wants to access your S3 bucket for some reason), as in any other case when apps are inside AWS, you can leverage IAM Roles to obtain access to your resources.
It seems you have set it up well, keep with it!
answered 3 months ago
Relevant content
- asked a year ago
- Accepted Answerasked 10 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 5 months ago
- AWS OFFICIALUpdated a year ago
Appreciate the fast response and useful info., Pablo!
Lin