AWS Credential Configuration
September 15, 2025 ยท View on GitHub
Algo supports multiple methods for providing AWS credentials, following standard AWS practices:
Methods (in order of precedence)
-
Command-line variables (highest priority)
./algo -e "aws_access_key=YOUR_KEY aws_secret_key=YOUR_SECRET" -
Environment variables
export AWS_ACCESS_KEY_ID=YOUR_KEY export AWS_SECRET_ACCESS_KEY=YOUR_SECRET export AWS_SESSION_TOKEN=YOUR_TOKEN # Optional, for temporary credentials ./algo -
AWS credentials file (lowest priority)
- Default location:
~/.aws/credentials - Custom location: Set
AWS_SHARED_CREDENTIALS_FILEenvironment variable - Profile selection: Set
AWS_PROFILEenvironment variable (defaults to "default")
- Default location:
Using AWS Credentials File
After running aws configure or manually creating ~/.aws/credentials:
[default]
aws_access_key_id = YOUR_KEY_ID
aws_secret_access_key = YOUR_SECRET_KEY
[work]
aws_access_key_id = WORK_KEY_ID
aws_secret_access_key = WORK_SECRET_KEY
aws_session_token = TEMPORARY_TOKEN # Optional
To use a specific profile:
AWS_PROFILE=work ./algo
Security Considerations
- Credentials files should have restricted permissions (600)
- Consider using AWS IAM roles or temporary credentials when possible
- Tools like aws-vault can provide additional security by storing credentials encrypted
Troubleshooting
If Algo isn't finding your credentials:
- Check file permissions:
ls -la ~/.aws/credentials - Verify the profile name matches:
AWS_PROFILE=your-profile - Test with AWS CLI:
aws sts get-caller-identity
If credentials are found but authentication fails:
- Ensure your IAM user has the required permissions (see EC2 deployment guide)
- Check if you need session tokens for temporary credentials