Mon, 15 Feb 2010
/Hosting/Amazon/EC2:
Amazon AWS: Information You Need to Give Your System Administrator
Amazon AWS is designed to be able to give someone else the necessary
privileges to control one's Amazon servers, without giving up the
password of your Amazon AWS account. Here are a couple of very thorough
treatments on the subject of Amazon AWS credentials: [5][6].
In order to broadly manage your account and its servers, there are
two sets of keys your System Administrator is probably going to need to
access and control your servers and data stores:
- AWS Access Key / Secret Access Key
- X.509 Certificate and Private Key
These two methods of authentication are also explained in the
"Authentication" section of [1], and both sets of keys can be obtained
from "Your Account" --> "Access identifiers" in your Amazon AWS account.
The "Access Key / Secret Access Key" is comprised of two long
strings, much longer then what one typically thinks of as a "password".
This is what a System Administrator needs most of the time for most
Amazon AWS management tasks. The ElasticFox Firefox Extension[4], for
instance, uses these for authentication. Following are examples of what
these keys look like:
Access key: AKIAJQXQL474IJIOJATA
Secret Access Key: XQbln80m5ms8a4xUSxPd7xmyF/7IM9hM24bv9aez
The "X.509 certificate" is a pair of encryption keys (each of
them much longer then either elements of the "Access Key / Secret Access
Key") primarily used by the Java-based Amazon EC2 API Tools[2], as
explained here[3].
The certificate looks like this:
-----BEGIN CERTIFICATE-----
MIICdzCCAeCgAwIBAgIGAOfo0EVXMA0GCSqGSIb3DQEBBQUAMFMxCzAJBgNVBAYT
AlVTMRMwEQYDVQQKEwpBbWF6b24uY29tMQwwCgYDVQQLEwNBV1MxITAfBgNVBAMT
GEFXUyBMaW1pdGVkLUFzc3VyYW5jZSBDQTAeFw0wODA5MjcyMzU3MDdaFw0wOTA5
MjcyMzU3MDdaMFIxCzAJBgNVBAYTAlVTMRMwEQYDVQQKEwpBbWF6b24uY29tMRcw
FQYDVQQLEw5BV1MtRGV2ZWxvcGVyczEVMBMGA1UEAxMMdWx3MTFzaTFjYzhrMIGf
MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCmtXexIvZGTtVvRaulv5ibeJR04W9L
r1ET/hmfQDMrhojGURI+7HYWUtZwxBEUfU/L7JkSEgvtgpCpB4ulLAtzpNcd/aJ0
lL7gF6B0szIx3LSNX/uidt9JkFUNeCyJygMbGMQsK/V496KqHIbwaHKvB4gqGM5r
Tpxuqv1Tu6SvQwIDAQABo1cwVTAOBgNVHQ8BAf8EBAMCBaAwFgYDVR0lAQH/BAww
CgYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUPWGfgV0fN+glJXzs
VPxSI3IcI4UwDQYJKoZIhvcNAQEFBQADgYEAcC6rIJiRSwSSx4+pDo/xcXsqX6jD
/w9gnE/BnAvAtPyR5sH5x3ksGgmH0Z3VFtFk0Zika/EYACCFVpA76dRQeszYamPJ
gaPwAZo6g7DK4YhWWX9b3p2waTWASUxzbb0ivRiL1bC5zLwin2MfAzMcwI4oYx1B
BCvS2d6fGxuuXrQ=
-----END CERTIFICATE-----
And the private key looks like this:
-----BEGIN PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMaAtxIVZslDohGnIIXJ/V8HTvzm
w7/wROrIDIAN7QIGW4G14y7Sy3IHM56Y89pCFuvtzOwX7dAKjAIho8SE1IWiG4XxojGrXkA4Y8HS
5rxUtj3DrAV+y60QEnwLQzICYPnSqG7w239J1TpPDBnCprec+qziUNu2iAhXMbbJCei9AgMBAAEC
gYBrivykDXg8finmCneyRDbDL0B5/8P5zwBneq5bCjBnsm4NHi/RBF84jfJHcHJcwwWMGK+3EVfE
KJKl7Pe+1oAUWd423ARd1AsPfjQhBZ/RXXhNpXovPz7PTFLOnzQbOmtkl59xPo67bIs2gWlu/0jj
6MXqGLpEp1JI1Z2mnFI6OQJBAOfDLRdUGekgBz5ZKpu8skzSvnVGxL/YGRpXOPKm08RuTMqRPvhW
cn39nQZcjb9UYzdq2Av6cqwXFdMjcXBZw4MCQQDbQxndNYWmwH9ATH8Bg/D8/U0ciDO22NMj/Yti
ToLLC0xStt6KXWFjyD/aAwz+3dmVSyvJK1s6stE0xUKiuq6/AkEAmdiF5iZ9zLLmHA00q4znDvgW
VeNUV8UrZMDhnLIBgTN25kDkfBVmixv/UGm/7nImKnNSVyE5XeM1KaMtelcb4QJAE1xyfTkLqzTW
R7w5fs3CyuQnGfzg7CVrR4NM+opKPFmsDKW/MuKaBfCZyst4K001uFwh6qqcbKt7k7hTcQEhCwJA
EdAIyKc80eU5KpkWNwbEL3AqK4MYdihXN2/qAt+KVNNUYROzudpDuW1K96p28CaoavV0n81BWX7p
UvidCsHK+g==
-----END PRIVATE KEY-----
[1] http://clouddb.info/2009/05/17/using-and-managing-aws-part-3-aws-security/
[2] http://developer.amazonwebservices.com/connect/entry.jspa?externalID=351
[3] http://developer.amazonwebservices.com/connect/entry!default.jspa?categoryID=100&externalID=1791&printable=true
[4] http://developer.amazonwebservices.com/connect/entry.jspa?externalID=609
[5] http://alestic.com/2009/11/ec2-credentials
[6] http://www.elastician.com/2009/06/managing-your-aws-credentials-part-1.html
posted at: 11:31 | path: /Hosting/Amazon/EC2 | permanent link to this entry
