# AWS CLI Setup — john-deploy IAM


## Credentials Location

```
# ~/.aws/credentials
[default]
aws_access_key_id = AKIAUXDEHCNUHFX472XL
aws_secret_access_key = (stored in Vault: "AWS CLI - john-deploy IAM")
```

## IAM User Details

- **User:** john-deploy
- **AWS Account:** 324480209768
- **ARN:** arn:aws:iam::324480209768:user/john-deploy
- **Access Key ID:** AKIAUXDEHCNUHFX472XL
- **Secret Key:** DO NOT print in docs — reference Bitwarden/Vault item "AWS CLI - john-deploy IAM"
- **Primary Region:** eu-central-1 (Frankfurt)

## Permissions

Known permissions (the full list has not been verified):

- Route53 (zone management, record creation)
- S3 (bucket operations)
- SES (email sending)
- ECR (container registry)
- App Runner (serverless containers)

## Validated Usage

- **2026-04-14:** Credentials confirmed working
- **2026-04-19:** Route53 change for snowit.ba (Change ID: C065644119MEENZWSSKW3)

## Usage Pattern

```
# Export credentials as env vars
export AWS_ACCESS_KEY_ID=AKIAUXDEHCNUHFX472XL
# Placeholder: substitute the value from the Vault item at run time; never save it in a script
export AWS_SECRET_ACCESS_KEY="(from Vault)"
export AWS_DEFAULT_REGION=eu-central-1

# Example: Route53 change (change-batch.json holds the record changes)
aws route53 change-resource-record-sets \
  --hosted-zone-id Z04121493CAJZ75TQUPIW \
  --change-batch file://change-batch.json
```

## MCP Docker AWS Tool

Tool: `mcp__MCP_DOCKER__call_aws`

**Note:** This tool has its own config and uses environment variables. It may not share the same credentials as the CLI.

## Security Notes

- The secret key is NEVER committed to git
- Stored in the Vault item "AWS CLI - john-deploy IAM"
- Keychain fallback on macOS
- If rotating keys: update Vault + ~/.aws/credentials + env vars
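
The rotation note lists three places to update. Because the AWS CLI gives `AWS_ACCESS_KEY_ID` in the environment precedence over the shared credentials file, a stale export keeps being used after the file is updated. The following check is an added example, not part of the original setup; the function names `profile_key_id` and `check_key_drift` are hypothetical, and it compares key IDs only, never the secret:

```sh
#!/bin/sh
# Added example: detect access-key drift between the environment and the
# shared credentials file after a rotation. Function names are hypothetical.

# Print the aws_access_key_id of one profile from an INI-style credentials file.
# $1 = file path, $2 = profile name (default: "default")
profile_key_id() {
    awk -v want="[${2:-default}]" '
        /^[ \t]*\[/ {                    # section header: track the current profile
            gsub(/[ \t\r]/, "")
            in_profile = ($0 == want)
            next
        }
        in_profile && /^[ \t]*aws_access_key_id[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")     # drop the "name = " part
            sub(/[ \t\r]+$/, "")         # drop trailing whitespace
            print
            exit
        }
    ' "$1"
}

# Compare the key ID exported in the environment with the one on disk.
# Returns 0 = consistent (or env unset), 1 = drift, 2 = no key found for the profile.
check_key_drift() {
    file=${1:-${AWS_SHARED_CREDENTIALS_FILE:-$HOME/.aws/credentials}}
    prof=${2:-default}
    file_id=""
    [ -r "$file" ] && file_id=$(profile_key_id "$file" "$prof")
    if [ -z "$file_id" ]; then
        echo "no aws_access_key_id for [$prof] in $file" >&2
        return 2
    fi
    if [ -z "${AWS_ACCESS_KEY_ID:-}" ]; then
        echo "env unset: CLI falls back to the file key"
        return 0
    fi
    if [ "$AWS_ACCESS_KEY_ID" != "$file_id" ]; then
        # Show only the last four characters of each ID
        echo "DRIFT: env ...${AWS_ACCESS_KEY_ID#"${AWS_ACCESS_KEY_ID%????}"}" \
             "overrides file ...${file_id#"${file_id%????}"}" >&2
        return 1
    fi
    echo "env and [$prof] use the same key ID"
}
```

Run `check_key_drift` with no arguments after a rotation to check the `[default]` profile of `~/.aws/credentials` against the current shell.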

## See Also

- [ALAI Domain Migration](/link/2666) (uses Route53)

*Created: 2026-04-19 | Validated: 2026-04-14 + 2026-04-19*