AWS Tooling

There are a few tools that we try to keep “hermetic” without the repo, so we’re all using the same version:

  • aws (the AWS CLI)
  • terraform (the terraform command line tool)
  • admin-auth (an authenticator for AWS CLI)

To run these, source the file:


Then run the tools as you normally would.

You can authenticate in one of two ways. Normally, you will want to authenticate through the catalog:

dtascione@desktop:~/ark$ ./build/ark-aws-auth-tool --fetch-aws-creds
Checking cached credentials...
No cached credentials found.
Please reauthenticate. Using `dtascione` as username.
>> Access Token valid
>> AWS Credentials valid (expires at 2023-01-19 22:30:00 -- [11 hours 59 minutes])

However, if you have an account on, and you want to sign in as an administrator (for example, to use terraform), use the SSO script:

dtascione@desktop:~/ark$ admin-auth
E-mail (
MFA (6-digit code): 

Your new access key pair has been stored in the AWS configuration file /home/dtascione/.aws/credentials under the default profile.
Note that it will expire at <timestamp>
After this time, you may safely rerun this script to refresh your access key pair.
To use this credential, call the AWS CLI with the --profile option (e.g. aws --profile saml ec2 describe-instances).

Then run AWS:

dtascione@desktop:~/ark$ aws s3 ls s3://ark-logs-rhq/splits/
2020-11-08 15:38:13  268364358 0121934d-2987-4a3e-a912-e2bd01cff5be
2020-11-08 15:38:11  266904176 01bc51fd-a58a-4c18-a85c-a11550a48981
2020-11-08 15:42:32    2449948 0292b70e-3fd5-4425-8ee9-f567f1c4bc95
2020-11-08 15:38:13  123986239 03ea887f-86a5-44e6-ab10-a03f21b0dce5
2020-11-08 15:38:13  267020248 04fe89b4-e441-4e55-b2d9-7a5b287005e3
2020-11-08 15:38:13  266695139 072bcf8d-6c19-41a9-b4a0-c3d2281f401a

We have several ECRs that we use for pushing content. You need to tell Docker to use your AWS credentials to push to those. For example:

aws ecr get-login-password | docker login --username AWS --password-stdin