Configure AWS CLI

This guide will walk you through configuring the AWS CLI (aws) for your IAM user.

Choose one of the following options to configure the AWS CLI:

What You’ll Need

Here is what you’ll need based on whether you want to use custom or auto-detected credentials.

  • An AWS account.
  • A created management environment.
  • An IAM user with elevated privileges.
  • The Access Key ID for this IAM user.
  • The Secret Access Key for this IAM user.
  • An AWS account.
  • A created management environment with access to your credentials.
  • An IAM role with elevated privileges.

Option 1: Configure AWS CLI Automatically (preferred)

Configure the AWS CLI by following the on-screen instructions on the rok-deploy user interface.

If rok-deploy is not already running, start it with:

root@rok-tools:~# rok-deploy --run-from cli-aws
../../../_images/cli-aws.png

Proceed to the Summary section.

Option 2: Configure AWS CLI Manually

If you want to configure the AWS CLI manually, follow the instructions below.

Procedure

  1. Go to your GitOps repository, inside your rok-tools management environment:

    root@rok-tools:~# cd ~/ops/deployments
  2. Create the AWS configuration directory:

    root@rok-tools:~/ops/deployments# mkdir -p /root/.aws
  3. Provide your AWS credentials. Choose one of the following options depending on whether you want to use custom or auto-detected credentials.

    1. Specify the AWS access key ID of your desired IAM user:

      Note

      Sensitive

      The following command will ask you to type a sensitive value in the terminal. The sensitive value will be getting echoed in the terminal as you type it. Please make sure that you are performing this action in a private environment.

      root@rok-tools:~/ops/deployments# export AWS_ACCESS_KEY_ID=<KEY_ID>

      Replace <KEY_ID> with the desired access key ID. For example:

      root@rok-tools:~/ops/deployments# export AWS_ACCESS_KEY_ID=THISISANACCESSKEYID
    2. Specify the AWS secret access key of your desired IAM user:

      Note

      Sensitive

      The following command will ask you to type a sensitive value in the terminal. The sensitive value will be getting echoed in the terminal as you type it. Please make sure that you are performing this action in a private environment.

      root@rok-tools:~/ops/deployments# export AWS_SECRET_ACCESS_KEY=<SECRET_KEY>

      Replace <SECRET_KEY> with the desired secret access key. For example:

      root@rok-tools:~/ops/deployments# export AWS_SECRET_ACCESS_KEY=THISISASECRETACCESSKEY
    3. Save your AWS credentials in the default profile:

      root@rok-tools:~/ops/deployments# j2 deploy/aws-credentials.j2 \ > -o /root/.aws/credentials

      Warning

      The AWS CLI has multiple credential sources. Environment variables have higher precedence than the custom credentials you have saved in the credentials file /root/.aws/credentials. Therefore, make sure not to export AWS environment variables that can override your custom AWS credentials. You can inspect all the AWS environment variables in your environment with the following command:

      root@rok-tools:~/ops/deployments# env | grep AWS_

    Skip to the next step.

  4. Specify the region where you want to perform this deployment:

    root@rok-tools:~/ops/deployments# export AWS_DEFAULT_REGION=<REGION>

    Replace <REGION> with the desired region. For example:

    root@rok-tools:~/ops/deployments# export AWS_DEFAULT_REGION=us-east-1
  5. Save your AWS configuration in the default profile:

    root@rok-tools:~/ops/deployments# j2 deploy/aws-config.j2 \ > -o /root/.aws/config

Verify

  1. Verify that your credentials are valid. Choose one of the following options depending on whether you are using custom or auto-detected credentials.

    root@rok-tools:~# aws sts get-caller-identity { "UserId": "AIDASAMPLEUSERID", "Account": "123456789012", "Arn": "arn:aws:iam::123456789012:user/DevAdmin" }
    root@rok-tools:~# aws sts get-caller-identity { "UserId": "AIDASAMPLEUSERID", "Account": "123456789012", "Arn": "arn:aws:sts::123456789012:assumed-role/rok-tools/i-0926320f9adaf9b49" }

    Troubleshooting

    Unable to locate credentials

    If the above command shows the following warning message:

    Unable to locate credentials. You can configure credentials by running "aws configure".

    it means that the AWS CLI cannot automatically detect AWS credentials in your management environment. To proceed, run the Procedure again and choose Custom Credentials.

  2. Verify you can access Amazon Elastic Kubernetes Service (EKS):

    root@rok-tools:~# aws eks list-clusters { "clusters": [] }

Summary

You have successfully configured the AWS CLI for your IAM user in your management environment.

What’s Next

The next step is to set up your cloud environment.