Use AWS-Vault to manage access to AWS

AWS-Vault is a great tool for securely controlling your access to AWS, and it is especially useful when assuming or switching roles, for example when you need admin rights in AWS.

It’s an awesome GitHub project. I will use macOS in this example, but the same process will work for Unix-based systems such as Linux. Click here for the Documentation.

For Alternative Operating Systems, check out this:

Step 1 – Install AWS-Vault

There are several ways to install AWS-Vault

How do I integrate AWS Vault?

You can install AWS Vault:

  • on Windows with Chocolatey: choco install aws-vault
  • on Windows with Scoop: scoop install aws-vault
  • on Linux with Homebrew on Linux: brew install aws-vault
  • on Arch Linux: pacman -S aws-vault
  • on FreeBSD: pkg install aws-vault
  • with Nix: nix-env -i aws-vault

Install with Brew on MacOS

This example demonstrates how to install AWS-VAULT on Macintosh, and this process will be almost identical on Linux-based distributions. My personal favorite tool for installing packages on macOS is Brew.

Visit Brew.SH to find out more.

Open your terminal session. I will be using iTerm2, and you can find a link to it here.

The installation command requires Brew. If you have not already got Brew installed, type:

ShellScript
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

Now install AWS-Vault and the AWS CLI:

ShellScript
brew install aws-vault
brew install awscli

Note – These commands also work on Linux

Step 2 – Create an Access Key in the AWS Console

Vault requires a programmatic access key to your AWS credentials.

Log in to AWS Console

  • Go to IAM → Users → your user
  • Go to Security Credentials Tab
  • Select Create Access Key

Important: Make a note of your admin role name and your Amazon IAM user name. You will need these later.

What commands would you need to create an AWS secret from Vault?

Step 3 – Create a KeyChain

Return to your macOS terminal and enter the following:

ShellScript
aws-vault add *prod/non-prod*

Note - substitute *prod/non-prod* with whatever you want to call your AWS-Vault KeyChain

Enter the Access Key ID and Secret Access Key when requested.

This information is available in the AWS console > IAM > Users > <Your User ID>

Step 4 – Create / Update your local AWS config

Edit your AWS Config File (typically located at ~/.aws/config)

ShellScript
# No sudo needed: the file is in your home directory and must stay owned by your user
nano ~/.aws/config

and add the below configuration:

ShellScript
[default]
region=my_region
output=json
credential_process=aws-vault exec prod -j

[profile myprofile1]
credential_process=aws-vault exec prod -j

[profile myprofile_admin]
source_profile=myprofile1
role_arn=arn:aws:iam::XXXXXXXXXXXXXXXXXXX:role/my-admin-role
mfa_serial=arn:aws:iam::XXXXXXXXXXXXXXXXX:mfa/my_mfa

Note - Substitute role_arn and mfa_serial with your details from the AWS Console
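
Once the config from Step 4 is in place, it is worth checking that no profile still holds a long-lived key on disk and that every role profile carries mfa_serial. The shell lint below is an added example, not part of the original article or the aws-vault project. The function names, the legacy and readonly_role profiles, and the rule that a role without mfa_serial is a finding are assumptions.

```shell
# Added example: lint an AWS CLI config or credentials file after Step 4.
#   PLAINTEXT_KEY <profile>  a long-lived key is still stored on disk
#   ROLE_NO_MFA <profile>    role_arn set without mfa_serial (assumed policy)
write_sample() {   # constructed sample: Step 4 profiles plus two hypothetical ones
  cat > "$1" <<'EOF'
[default]
credential_process=aws-vault exec prod -j

[profile myprofile_admin]
source_profile=myprofile1
role_arn=arn:aws:iam::XXXXXXXXXXXX:role/my-admin-role
mfa_serial=arn:aws:iam::XXXXXXXXXXXX:mfa/my_mfa

[profile legacy]
aws_access_key_id = AKIAXXXXXXXXXXXXXXXX
aws_secret_access_key = constructed-placeholder-not-a-secret

[profile readonly_role]
source_profile=myprofile1
role_arn=arn:aws:iam::XXXXXXXXXXXX:role/read-only
EOF
}

audit_aws_file() {
  awk '
    function flush() { if (name != "" && role && !mfa) print "ROLE_NO_MFA " name }
    /^[ \t]*[#;]/ { next }                    # skip comment lines
    /^[ \t]*\[.*\]/ {                         # section header starts a new profile
      flush(); name = $0
      sub(/^[ \t]*\[[ \t]*/, "", name); sub(/[ \t]*\].*$/, "", name)
      sub(/^profile[ \t]+/, "", name)         # config files prefix names with "profile"
      role = 0; mfa = 0; keyed = 0; next
    }
    {
      eq = index($0, "="); if (eq == 0) next
      key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
      if (key == "role_arn") role = 1
      else if (key == "mfa_serial") mfa = 1
      else if (key ~ /^aws_(access_key_id|secret_access_key)$/ && !keyed) {
        print "PLAINTEXT_KEY " name; keyed = 1   # report each profile once
      }
    }
    END { flush() }
  ' "$1"
}

sample=$(mktemp); write_sample "$sample"
audit_aws_file "$sample"; rm -f "$sample"
```

Run audit_aws_file against both ~/.aws/config and ~/.aws/credentials; an empty result means neither rule fired.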

Step 5 – Log into AWS with AWS-Vault

To access AWS using VAULT

Open a terminal session and type

ShellScript
aws-vault login prod

You will be prompted for your local Keystore password and your MFA code. The AWS console will then open, and you will automatically assume the role configured in myprofile_admin.

Top Q&A for AWS-Vault

What is AWS Vault?

Vault is a Keystore that securely controls access to AWS using existing user roles and multi-factor authentication.

Top tips for using AWS Vault

1. Consider using AWS Vault to store data that you need to keep safe and accessible.

2. AWS Vault is a great way to store data that you need to access quickly.

3. AWS Vault makes it easy to manage your accounts and data.

How do I use AWS Vault?

This procedure will give you a very good start on AWS-Vault. If you want to dig deeper, there is a detailed readme from the creators of AWS-Vault.

How do I install AWS-Vault?

AWS-Vault is a software application that helps organizations securely store sensitive data. To install AWS-Vault, follow these steps:

1. Download the AWS-Vault installer.

2. Start the installer and follow the instructions.

3. After the installation is complete, you can start using AWS-Vault.

How do I use AWS-Vault with MFA?

See Step 4 of this procedure.

Thank you for taking the time to read this procedure. If you have any comments or recommendations, please feel free to submit a comment on this article, and I will respond ASAP.


Richard.Bailey

Richard Bailey, a seasoned tech enthusiast, combines a passion for innovation with a knack for simplifying complex concepts. With over a decade in the industry, he's pioneered transformative solutions, blending creativity with technical prowess. An avid writer, Richard's articles resonate with readers, offering insightful perspectives that bridge the gap between technology and everyday life. His commitment to excellence and tireless pursuit of knowledge continues to inspire and shape the tech landscape.
