Skip to content

How to set up AWS to use with Big BangπŸ“œ

Note

This document is an example of how Big Bang Developers set their AWS credentials and it is optional depending on what you plan to use as your cloud provider and environment

Task 1: Know where to look for the lab’s AWS credentialsπŸ“œ

AWS GUI and CLI Credentials will be shared via email.

  • These are credentials to a sandbox AWS account, even though it’s a sandbox, don’t delete anything you didn’t spin up.
  • These credentials will be shared by the entire group, so do not change the password or rotate the keys.
  • If the shared credentials are leaked please inform the onboarding guides and we’ll have the entire group rotate creds.
  • The onboarding guides will delete/rotate the credentials at the conclusion of the program.

Task 2: Verify that you can login to the AWS GUIπŸ“œ

AWS Console signin (Username and Password supplied by onboarding guides)

You should have the following access:

  • Route53 (RO)
  • VPC (RO)
  • EC2 (full)
  • S3 (full)

Task 3: Configure AWS CLI part 1 of 4 (create ~/.aws hidden folder)πŸ“œ

mkdir -p ~/.aws

Task 4: Configure AWS CLI part 2 of 4 (create ~/.aws/config)πŸ“œ

~/.aws/config is 1 of 2 config files that’s necessary for AWS CLI.

Note

If you are unfamiliar with vi, do the VI-Basics lab in the Labs section of the training, before proceeding

vi ~/.aws/config

[profile bb-onboarding]
region = us-gov-west-1
s3 =
    max_concurrent_requests = 40
    max_queue_size = 10000
    multipart_threshold = 8MB
    multipart_chunksize = 8MB

If the file ~/.aws/config doesn’t exist, this will start a session to create the file. If the file ~/.aws/config does exist, this will start a session to edit the file.

Task 5: Configure AWS CLI part 3 of 4 (IAM: Generate credentials)πŸ“œ

  • Log into AWS console with the credentials sent via email
  • Open IAM and generate the programmatic credentials for the CLI (Access Key)

Note: More detailed information in the User Guide Prerequisites to use the AWS CLI version 2

Task 6: Configure AWS CLI part 4 of 4 (create ~/.aws/credentials)πŸ“œ

vi ~/.aws/credentials

[bb-onboarding]
region=us-gov-west-1
aws_access_key_id = Grab_this_value_generated_from_AWS_Console
aws_secret_access_key = Grab_this_value_generated_from_AWS_Console

Task 7: Edit ~/.aws/credentials, and add in values from AWS ConsoleπŸ“œ

  • Edit the credentials file, replace β€œGrab_this…” with values generated from the AWS Console vi ~/.aws/credentials
    [bb-onboarding]
    region=us-gov-west-1
    aws_access_key_id = Don't forget to edit
    aws_secret_access_key = REPLACE ME
    

Note: More detailed information in the User Guide Configuration and credential file settings

Why didn’t we just use aws configure? Was it merely to practice vi? (no)

Knowing how to configure AWS CLI without using aws configure can be useful.

Some software uses AWS’s API/references these files in these locations, but doesn’t ship with the aws cli.

While interfacing with P1 tooling, you may encounter docker images designed to work with AWS CLI creds, for the sake of leanness and a lower attack surface, the AWS CLI often isn’t packaged with these docker containers, which means you can’t use aws configure. They’ll use your Laptops default AWS creds or those attached to an EC2 instances IAM role, but it can be useful when debugging to know how to manually set credentials within the container without making use of the AWS configure command.

Task 8: Purposefully run these incorrect commands, so you’ll be familiar with common mistakesπŸ“œ

Do the following in a fresh terminal to ensure your .bashrc file is refreshed and your environment variables are set properly.

Executing the following command will fail with error β€œUnable to locate credentials. You can configure credentials by running aws configure”. Ignore the error and move to the next step.

[user@Laptop:~] 

aws s3 ls

Task 9: Verify that you can use the AWS CLI credentials / config is correctπŸ“œ

[user@Laptop:~]
env
# ^-- will show you all variables defined in your CLI environment

export AWS_PROFILE=bb-onboarding; export AWS_DEFAULT_PROFILE=bb-onboarding
# ^-- export is a linux command that sets CLI environment variables

env | grep -i aws
#      ^-- pipe grep with case insensitive -i cmd flag, will filter for matching results

aws s3 ls | grep bb-onboarding-labs-tf
# 2020-06-18 22:26:00 bb-onboarding-labs-tf
# ^-- The above needs to work before moving on

Task 10: Additional cli config verification command:πŸ“œ

## Export the profile we just created
export AWS_PROFILE=bb-onboarding; export AWS_DEFAULT_PROFILE=bb-onboarding
## Ensure we have configuration (your access_key and secret_key may look different)
aws configure list
#      Name                    Value             Type    Location
#      ----                    -----             ----    --------
#   profile            bb-onboarding              env    ['AWS_PROFILE', 'AWS_DEFAULT_PROFILE']
#access_key     ****************XQ5F shared-credentials-file
#secret_key     ****************Jv6c shared-credentials-file
#    region            us-gov-west-1      config-file    ~/.aws/config