TKI Client Download

General Info About Emory TKI Client

To access an Emory AWS Account from the command line, Emory requires the use of temporary API keys to reduce the incidence of accounts compromised by disclosure of persistent API keys. Temporary keys can be challenging to manage, so Emory has provided a command-line utility and a backend service to simplify the process of requesting and using temporary keys.

These are called the Temporary Key Issuance Client (TKI Client) and the Temporary Key Issuance Service (TKI Service). Users will download and install the TKI Client on each workstation from which they would like to access the account. Download TKI Client links for AWS at Emory, a self-service platform for Emory researchers, are listed immediately below. Links to download the client for ECS (Emory Cloud Services) are found at the bottom of this page. After downloading the appropriate TKI Client package for your operating system, execute the TKI Client installer and follow the installer instructions.

AWS at Emory CLI Access via TKI Client

AWS at Emory TKI client downloads can be found below. You will be redirected to the AWS at Emory homepage as the client downloads. 

Using the TKI Client

To obtain temporary keys with the TKI Client, run the TKI Client with the platform-specific instructions provided by the install process and respond to its prompts for:

  1. Emory NetID
  2. Emory Password
  3. If username and password authentication is successful, the user will be prompted to select a Duo authentication method
  4. If Duo authentication is successful and if the user is associated with more than one account or role, the user will be prompted to select an account and role to assume
  5. The user will be issued temporary keys and the TKI Client will write them to the user's AWS profile and return the profile name of the new temporary credentials

The user can then interact with the account from the command line using the profile name that contains the temporary credentials. Temporary credentials are valid for 12 hours. Once the credentials expire users must re-execute the TKI Client to obtain new temporary credentials.

Emory Cloud Services (ECS) Access via TKI Client

The TKI client downloads can be found below: