Setting up the AWS Toolkit for Azure DevOps
To use the AWS Toolkit for Azure DevOps to access AWS, you need an AWS account and AWS credentials. When build agents run the tasks contained in the tools, the tasks must be configured with, or have access to, those AWS credentials to enable them to call AWS service APIs. To increase the security of your AWS account, we recommend that you do not use your root account credentials. You should create an IAM user to provide access credentials to the tasks running in the build agent processes.
Sign up for AWS
If you do not have an AWS account, complete the following steps to create one.
To sign up for an AWS account
- Open https://portal.aws.amazon.com/billing/signup - . 
- Follow the online instructions. - Part of the sign-up procedure involves receiving a phone call or text message and entering a verification code on the phone keypad. - When you sign up for an AWS account, an AWS account root user is created. The root user has access to all AWS services and resources in the account. As a security best practice, assign administrative access to a user, and use only the root user to perform tasks that require root user access. 
Create an IAM user
To create an administrator user, choose one of the following options.
| Choose one way to manage your administrator | To | By | You can also | 
|---|---|---|---|
| In IAM Identity Center (Recommended) | Use short-term credentials to access AWS. This aligns with the security best practices. For information about best practices, see Security best practices in IAM in the IAM User Guide. | Following the instructions in Getting started in the AWS IAM Identity Center User Guide. | Configure programmatic access by Configuring the AWS CLI to use AWS IAM Identity Center in the AWS Command Line Interface User Guide. | 
| In IAM (Not recommended) | Use long-term credentials to access AWS. | Following the instructions in Create an IAM user for emergency access in the IAM User Guide. | Configure programmatic access by Manage access keys for IAM users in the IAM User Guide. | 
Create an IAM user and download its credentials
After you've created an IAM user, copy its credentials. To use the AWS Toolkit for Azure DevOps, you must have a set of valid AWS credentials, which consist of an access key and a secret key. These keys are used to sign programmatic web service requests and enable AWS to verify that the request comes from an authorized source.
Warning
Do not copy your root account credentials for use with AWS Toolkit for Azure DevOps.