Is there an aws cli command to create a dms source endpoint which would use secret manager for access?
I do not find anything on the aws cli docs as well.
Related
I created a new AWS account for AWS ECS. IN Jenkins I installed AWS ECS plugin and now I want to build and push images into registry.
But I need to create API key and secret in AWS in order to Jenkins to communicate with AWS ECR.
How I have to create in AWS these credentials?
Create an IAM user by following this documentation:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html
When creating specific role/policy to assume for some pipelines which execute aws cli commands. So my questions is, are there any way to figure out which permissions are required to execute some aws cli commands?
For example, which permissions are required to be part of the role to perform an Elastic Beanstalk environment update with aws elasticbeanstalk update-environment?
You can try using iamlive, which allows you to generate IAM policies from AWS calls.
When EMR Cluster has been provisioned, I want to get the "AWS CLI Export" output using aws cli command.
Please let me know if someone has an idea to get aws cli export output through aws cli command
I have a ecs task running with aws fargate. I generate some files on the container and need to upload these files to an s3 bucket.
Can I do this by installing the aws cli to the container?
I'm not sure about the following stuff:
Do I need to use some rest api (like python boto3 library) or can I use the aws console?
How should I authenticate the requests (iam and aws secrets manager?)
Do I need to use some rest api (like python boto3 library) or can I
use the aws console?
Are you asking how to install the AWS CLI into the Docker container running in ECS? You would need to update your Docker image to include the AWS CLI and then redeploy the container to ECS. The AWS API, Boto3, or the AWS console are not going to help with that task.
How should I authenticate the requests (iam and aws secrets manager?)
By assigning an IAM role to the ECS task.
Say I use aws-cli locally on my machine, I´d need to authenticate with credentials prior to any operation.
How do AWS services give permission to other services on my behalf? And more specifically, how does a container run aws-cli on my behalf without prior authentication?
I am asking this, after running my first pipeline successfully in codePipeline. My buildspec.yml does run aws s3 sync command flawlessly -which made me then wonder how do aws internally permissions work-.
AWS CodeBuild uses an IAM Service Role to provide AWS permissions to the CodeBuild environment. You should have had to create a service role for your CodeBuild configuration.
When the AWS cli tool runs, and it hasn't been previously configured with API access keys, it will check if it is running in an AWS environment like EC2 or Lambda and if so, it will use the AWS IAM role assigned to that runtime environment.