aws-vault
April 27, 2022
If you are using Vault with the AWS secrets engine, you can request a pair of keys using:
$ vault read aws/creds/readonly
Key Value
--- -----
lease_id aws/creds/readonly/BMRZyGlcUof2S71rgBpHamfE
lease_duration 12h
lease_renewable true
access_key AKIBVIJBTT64DFFGWVNV
secret_key p1zzZdDbZ0GGe7azIBq/5GrQwsHRege6UhTfr59a
security_token <nil>
If you would like to log in via the web console using a console password, install https://github.com/99designs/aws-vault
Add your pair of keys:
$ aws-vault add monkey
Enter Access Key ID:
You may need to export the AWS region first:
$ export AWS_REGION=us-east-2
Then, to log in, run:
$ aws-vault login monkey
For this to work, the AWS policy assigned to your keys needs to allow them to create a federation token. For example, here is a read-only role:
resource "vault_aws_secret_backend_role" "role" {
  backend         = vault_aws_secret_backend.aws.path
  name            = "readonly"
  credential_type = "iam_user"
  policy_arns     = ["arn:aws:iam::aws:policy/ReadOnlyAccess"]
  policy_document = <<EOT
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "sts:GetFederationToken",
      "Resource": "*"
    }
  ]
}
EOT
}
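Putting the steps above together, here is an added shell example (not part of the original post, nor code from the Vault or aws-vault projects) that pulls a leased key pair from Vault, loads it into an aws-vault profile without pasting the secret at a prompt, and revokes the lease when the session is over so the IAM key is deleted instead of lingering for the full 12h. It assumes vault and aws-vault are on PATH with VAULT_ADDR and VAULT_TOKEN set, that aws-vault's `add --env` mode (which reads AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY) is available, and that the role is named "readonly" as on the page; the sample table text is constructed and contains no real keys.

```shell
#!/bin/sh
# Added example: Vault AWS secrets -> aws-vault profile -> lease revocation.
# Assumes vault and aws-vault on PATH, VAULT_ADDR/VAULT_TOKEN exported.

# Extract one field from the key/value table that `vault read` prints.
# $1 = the table text, $2 = the key name. Prints the value, empty if absent.
vault_field() {
  printf '%s\n' "$1" | awk -v key="$2" '$1 == key { print $2; exit }'
}

# Constructed sample in the same shape as the page's `vault read` output.
# The lease id and key pair are placeholders, not real credentials.
SAMPLE_OUTPUT='Key                Value
---                -----
lease_id           aws/creds/readonly/EXAMPLELEASEID0000000000
lease_duration     12h
lease_renewable    true
access_key         AKIAEXAMPLEEXAMPLE00
secret_key         EXAMPLESECRETEXAMPLESECRETEXAMPLESECRET0
security_token     <nil>'

# Request a key pair for ROLE and load it into PROFILE through aws-vault's
# --env mode, so the secret goes straight from Vault into the OS keyring
# and never through an interactive prompt or shell history.
# Prints the lease id so the caller can revoke it later.
load_profile() {
  role="$1"; profile="$2"
  out="$(vault read "aws/creds/$role")" || return 1
  lease="$(vault_field "$out" lease_id)"
  AWS_ACCESS_KEY_ID="$(vault_field "$out" access_key)" \
  AWS_SECRET_ACCESS_KEY="$(vault_field "$out" secret_key)" \
    aws-vault add --env "$profile" || return 1
  printf '%s\n' "$lease"
}

# Tear down: remove the local profile, then revoke the Vault lease, which
# makes Vault delete the dynamic IAM user and its key in AWS immediately
# rather than waiting for the lease to expire.
unload_profile() {
  profile="$1"; lease="$2"
  aws-vault remove "$profile"
  vault lease revoke "$lease"
}

# Offline demonstration on the constructed sample. The real flow is:
#   lease=$(load_profile readonly monkey)
#   aws-vault login monkey
#   unload_profile monkey "$lease"
demo_lease_id() {
  vault_field "$SAMPLE_OUTPUT" lease_id
}
```

The parser keys on the first column of Vault's table output; `vault read -field=access_key aws/creds/readonly` would return a single field directly, but one `vault read` call is used here so that the access key, secret and lease id all come from the same lease.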