Configure AWS CLI¶
This guide will walk you through configuring the AWS CLI (aws
) for your IAM
user.
Fast Forward
If you have already configured aws
for your IAM user, expand this box to
fast-forward.
- Proceed to the Verify section.
See also
Choose one of the following options to configure the AWS CLI:
Overview
What You’ll Need¶
Here is what you’ll need based on whether you want to use custom or auto-detected credentials.
- An AWS account.
- A created management environment.
- An IAM user with elevated privileges.
- The Access Key ID for this IAM user.
- The Secret Access Key for this IAM user.
- An AWS account.
- A created management environment with access to your credentials.
- An IAM role with elevated privileges.
Option 1: Configure AWS CLI Automatically (preferred)¶
Configure the AWS CLI by following the on-screen instructions on the
rok-deploy
user interface.
If rok-deploy
is not already running, start it with:
Proceed to the Summary section.
Option 2: Configure AWS CLI Manually¶
If you want to configure the AWS CLI manually, follow the instructions below.
Procedure¶
Go to your GitOps repository, inside your
rok-tools
management environment:root@rok-tools:~# cd ~/ops/deploymentsCreate the AWS configuration directory:
root@rok-tools:~/ops/deployments# mkdir -p /root/.awsProvide your AWS credentials. Choose one of the following options depending on whether you want to use custom or auto-detected credentials.
Specify the AWS access key ID of your desired IAM user:
Note
Sensitive
The following command will ask you to type a sensitive value in the terminal. The sensitive value will be getting echoed in the terminal as you type it. Please make sure that you are performing this action in a private environment.
root@rok-tools:~/ops/deployments# export AWS_ACCESS_KEY_ID=<KEY_ID>Replace
<KEY_ID>
with the desired access key ID. For example:root@rok-tools:~/ops/deployments# export AWS_ACCESS_KEY_ID=THISISANACCESSKEYIDSpecify the AWS secret access key of your desired IAM user:
Note
Sensitive
The following command will ask you to type a sensitive value in the terminal. The sensitive value will be getting echoed in the terminal as you type it. Please make sure that you are performing this action in a private environment.
root@rok-tools:~/ops/deployments# export AWS_SECRET_ACCESS_KEY=<SECRET_KEY>Replace
<SECRET_KEY>
with the desired secret access key. For example:root@rok-tools:~/ops/deployments# export AWS_SECRET_ACCESS_KEY=THISISASECRETACCESSKEYSave your AWS credentials in the default profile:
root@rok-tools:~/ops/deployments# j2 deploy/aws-credentials.j2 \ > -o /root/.aws/credentialsWarning
The AWS CLI has multiple credential sources. Environment variables have higher precedence than the custom credentials you have saved in the credentials file
/root/.aws/credentials
. Therefore, make sure not to export AWS environment variables that can override your custom AWS credentials. You can inspect all the AWS environment variables in your environment with the following command:root@rok-tools:~/ops/deployments# env | grep AWS_
Skip to the next step.
Specify the region where you want to perform this deployment:
root@rok-tools:~/ops/deployments# export AWS_DEFAULT_REGION=<REGION>Replace
<REGION>
with the desired region. For example:root@rok-tools:~/ops/deployments# export AWS_DEFAULT_REGION=us-east-1Save your AWS configuration in the default profile:
root@rok-tools:~/ops/deployments# j2 deploy/aws-config.j2 \ > -o /root/.aws/config
Verify¶
Verify that your credentials are valid. Choose one of the following options depending on whether you are using custom or auto-detected credentials.
root@rok-tools:~# aws sts get-caller-identity { "UserId": "AIDASAMPLEUSERID", "Account": "123456789012", "Arn": "arn:aws:iam::123456789012:user/DevAdmin" }root@rok-tools:~# aws sts get-caller-identity { "UserId": "AIDASAMPLEUSERID", "Account": "123456789012", "Arn": "arn:aws:sts::123456789012:assumed-role/rok-tools/i-0926320f9adaf9b49" }Troubleshooting
Unable to locate credentials
If the above command shows the following warning message:
Unable to locate credentials. You can configure credentials by running "aws configure".it means that the AWS CLI cannot automatically detect AWS credentials in your management environment. To proceed, run the Procedure again and choose
Custom Credentials
.Verify you can access Amazon Elastic Kubernetes Service (EKS):
root@rok-tools:~# aws eks list-clusters { "clusters": [] }