# SDK --- * Application Utilixing SDK --> S3 (success) Relied on creds local file * mark Inactive user (awsstudent) * AWS lsfails to authenticate * Through cloudformation the credentials file is placed on the server * Once we delete the credentials * Create a policy (permissions) * create role (attach it to EC2) * aws s3 ls (would still fail at this point) * inside EC2 it runs a process that carries metadata ### How does the sdk makes the api call once the credentials file is not locally available? ### EXAMPLE: It connects to the hypervisor to make the API call * Private IP: 169.254.169.254:80/latest/meta-data/iam/security-credentials/ROLENAME ```json { "Code" : "Success", "LastUpdated" : "2012-04-26T16:39:16Z", "Type" : "AWS-HMAC", "AccessKeyId" : "ASIAIOSFODNN7EXAMPLE", "SecretAccessKey" : "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "Token" : "token", "Expiration" : "2017-05-17T15:09:54Z" } ```  ## Cloudtrail * it is enabled by default but you have to configure it with the services. * the service is free but to storing logs is not.