It is not reccomended to use the
rootuser for any workloads/CLI/SDK access, rather setup a
IAM users and grant access either by policy (single rule) or role. Think of a role as a hat that the user can wear to then have access to resources.
“An IAM role is an IAM identity that you can create in your account that has specific permissions. An IAM role is similar to an IAM user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS.”
“A role is intended to be assumable by anyone or thing who needs it.”
“An IAM role is similar to a user in that it is an AWS identity with permissions policies that determine what the identity can and cannot do in AWS. A role is intended to be assumable by anyone or thing who needs it. A role does not have standard long-term credentials (password or access keys) associated with it. Instead, if a user assumes a role, temporary security credentials are created dynamically and provided to the user.”
To configure the below you will need the required
access key id and
secret access key which you can get from the AWS AMI Console (Identity and Access Management) you will need to be logged in. Any commands that point to a
.json configuration file are available on github.
- Install using the CLI
This will live in
C:\Program Files\Amazon\AWSCLI and should then work from any terminal.
- Check version
This could show v1 or v2 - I had to uninstall v1 to get v2 to work, there may be a switcher as v2 have breaking changes.
aws-cli/1.21.7 Python/3.6.0 Windows/10 botocore/1.22.7
- Configure with the keys you got from the IAM in the amazon console.
C:\> aws configure
This creates these text files in the following location:
- Then you can test it works
aws iam list-roles
- Create the task execution IAM role
--- Create the task execution role
More than one profile
As I have more than one profile I use
--profile carlos this means my default profile is not used
ECSCLI (Elastic Container Service)
This will live in
- Run windows powersell as administrator
--- create folder
Edit the environment variables and add
C:\Program Files\Amazon\ECSCLIto the
Restart powersell and check version
- Configure with the same keys used above
I used the profile names
carl_configuration_name below when setting up ECS for the Lexicon via the AWS CLI.
ecs-cli configure profile --profile-name carl_ecs_cli_profile --access-key HOEHOEHOEHOHEOHEOHE --secret-key HO/hehOehoHEOHEhohEOHeohEOH+EohOEe
--cluster needs to satisfy regular expression pattern:
This creates these files which you can edit with any text editor.