https://github.com/julioaranajr/aws-clic-setup
Repository to Setup AWS CLI and Exsercies
https://github.com/julioaranajr/aws-clic-setup
aws aws-iam aws-iam-policies aws-profile awscli
Last synced: 4 months ago
JSON representation
Repository to Setup AWS CLI and Exsercies
- Host: GitHub
- URL: https://github.com/julioaranajr/aws-clic-setup
- Owner: julioaranajr
- Created: 2022-09-29T07:49:06.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2023-03-21T20:37:52.000Z (about 2 years ago)
- Last Synced: 2025-02-08T22:29:56.215Z (4 months ago)
- Topics: aws, aws-iam, aws-iam-policies, aws-profile, awscli
- Homepage:
- Size: 573 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Aws Cli Setup Labs
Repository to Setup AWS CLI# AWS Lab
Go to [Cloudreach AWS Vending Machine](https://aws.vending-machine.cloudreach.io/home/welcome) to request a Personal Development Lab.
This should take a few minutes for the request to be process and receive an email with your access details.### Set up AWS CLI on your mac
```
brew install awscli
```Test that awscli is working:
```
aws --version
```### Access AWS Lab Account
Labs can be access from the [Cloudreach OneLogin Portal](https://cloudreach.onelogin.com) and click on the `AWS Lab` icon.
### Region
For consistency and quick access, let set the region to `eu-central-1`.
### Switch Role
After the account has been created, you will receive the account ID and the appropriate role to switch into to access resources on your account.
On the top right of the console, click on your Username to show the drop-down menu and click on `Switch Roles`. Fill in the necessary information
```
Provided for Cloudreach AWS Vending Machine by emailAccount: provided for Cloudreach AWS Vending Machine by email
Role: LabUserAdmin
Display Name: LabUserAdmin
```### Create a new user for programmatical access for AWS Identity and Access Management (IAM)
```
AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources.
With IAM, you can centrally manage permissions that control which AWS resources users can access.
You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.
```* Go to AWS IAM > User Groups
* Click on `Create group`
* Set the user group name
* Scroll down and Attach permissions policies
* Search for the policy name `AdministratorAccess` Type `AWS managed - job function` select the box, then click on `Create group`
* Go to AWS IAM > Users
* Click on `Add users`
* Set your user name then click on `Next`
* For `Set Permissions`, select the `Add user to group`
* Search for `User groups` and check `Administrator`the selection box, then click on `Next`
* Set Tags tags then click on `Add new tag`
* Enter Key=Name Value= e.g. Value=Will Smith
* then click on `Add new tag`
* Enter Key=Company Value= e.g. Value=Cloudreach
* then click on `Add new tag`
* Enter Key=Profile Value= e.g. Value=Cloud Systems Developer
* then click on `Add new tag`
* Enter Key=Location Value= e.g. Value=Germany
* Review the details and click on `Create user`
* Go to AWS IAM > Users
* Click on your user name then press `Security credential Tab`
* Scroll down and press `Create access keys`
* Select Command Line Interface (CLI) selection box
* Select the box with `I understand the above recommendation and want to proceed to create an access key.`
* No Tag is necesary then click on `Create access key````
You should now have the `access_key` and `secret_access_key` displayed.
This is the only time that the secret access key can be viewed or downloaded.
You cannot recover it later. However, you can create a new access key any time.
```
Access key best practices
* Never store your access key in plain text, in a code repository, or in code.
* Disable or delete access key when no longer needed.
* Enable least-privilege permissions.
* Rotate access keys regularly.
* For more details about managing access keys, see the [Best practices for managing AWS access keys](https://docs.aws.amazon.com/console/general/access-keys-best-practices)### AWS config & credentials
Check that the folder `~/.aws` exists and create it if it does not. Open or create a new file in `~/.aws/config`. The config file contains the AWS account configurations for each user/role you will need to access an account.
```
vi ~/.aws/config
```Add the lines:
```
[Cloudreach]
region = eu-west-1
account = 123456789
profile = talent-academy
role = LabUserAdmin
output = json
```Open or create a new file in `~/.aws/credentials`. This is where you will save both the ACCESS and SECRET key to your account with a profile name.
```
vi ~/.aws/credentials
``````
[talent-academy]
aws_access_key_id =
aws_secret_access_key =
```### Export the required profile
The aws cli requires you to specify which configuration profile you wish to use everytime you execute the command. Instead of typing the profile name each time, you can expose it in the `Environment Variable` of your current terminal session by typing this command:
```
export AWS_PROFILE="talent-academy"
export AWS_DEFAULT_REGION="eu-west-1"
```Now each time the cli is ran, both variables will be used as paramters to the command to access the right configuration.
### Test your access
Run the following command to check that your access and configuration are working:
```
aws iam list-users
```