AWS Tooling
There are a few tools that we try to keep “hermetic” without the repo, so we’re all using the same version:
aws
(the AWS CLI)terraform
(the terraform command line tool)admin-auth
(an authenticator for AWS CLI)
To run these, source the env.sh
file:
. env.sh
Then run the tools as you normally would.
You can authenticate in one of two ways. Normally, you will want to authenticate through the catalog:
dtascione@desktop:~/ark$ ./build/ark-aws-auth-tool --fetch-aws-creds
Checking cached credentials...
No cached credentials found.
Please reauthenticate. Using `dtascione` as username.
Password:
>> Access Token valid
>> AWS Credentials valid (expires at 2023-01-19 22:30:00 -- [11 hours 59 minutes])
However, if you have an account on tbdrobotics.com, and you want to sign in as an administrator (for example, to use terraform), use the SSO script:
dtascione@desktop:~/ark$ admin-auth
E-mail (myself@tbdrobotics.com): dtascione@tbdrobotics.com
Password:
MFA (6-digit code):
----------------------------------------------------------------
Your new access key pair has been stored in the AWS configuration file /home/dtascione/.aws/credentials under the default profile.
Note that it will expire at <timestamp>
After this time, you may safely rerun this script to refresh your access key pair.
To use this credential, call the AWS CLI with the --profile option (e.g. aws --profile saml ec2 describe-instances).
----------------------------------------------------------------
Then run AWS:
dtascione@desktop:~/ark$ aws s3 ls s3://ark-logs-rhq/splits/
2020-11-08 15:38:13 268364358 0121934d-2987-4a3e-a912-e2bd01cff5be
2020-11-08 15:38:11 266904176 01bc51fd-a58a-4c18-a85c-a11550a48981
2020-11-08 15:42:32 2449948 0292b70e-3fd5-4425-8ee9-f567f1c4bc95
2020-11-08 15:38:13 123986239 03ea887f-86a5-44e6-ab10-a03f21b0dce5
2020-11-08 15:38:13 267020248 04fe89b4-e441-4e55-b2d9-7a5b287005e3
2020-11-08 15:38:13 266695139 072bcf8d-6c19-41a9-b4a0-c3d2281f401a
...
We have several ECRs that we use for pushing content. You need to tell Docker to use your AWS credentials to push to those. For example:
aws ecr get-login-password | docker login --username AWS --password-stdin 095412845506.dkr.ecr.us-east-1.amazonaws.com