Not able to attach Role via AWS Cloud9 - amazon-web-services

I am new to Cloud9 and following this URL to set up Kubeflow in AWS.
Unfortunately, I am not able to attach the role to the user as mentioned in this URL.
Could anyone please suggest what could have gone wrong here?

While the link did not work for me here, the suggestion below, provided by AWS Support, worked for me.
Please navigate to Preferences on the menu bar in the AWS Cloud9 IDE.
- On the Preferences tab, in the navigation pane, choose AWS Settings-->Credentials.
- Use AWS managed temporary credentials to turn AWS managed temporary credentials on or off.

Related

Turn on/off EC2 instance without any permission to AWS account

I have an AWS account and I gave someone access to one EC2 instance; all he has is a pem file, the username and the host. So he can connect with ssh without any AWS account.
I want to give him an option to turn the instance on/off. I can do it with AWS-CLI, but I use my secret key for it and I don't want to give it to him.
I thought maybe to run a little instance with AWS-CLI with my secret key and enable him to do it with some website run on this little instance, such that he will have a UI system via the browser and he will click on the button POWER ON and this will run the right command with AWS-CLI.
Is there any tool with which I can do this simply?
Thanks
> I thought maybe to run a little instance with AWS-CLI with my secret
> key and enable him to do it with some website run on this little
> instance such that he will have a UI system via the browser and he
> will click on the button POWER ON and this will run the right
> command with AWS-CLI. Is there any tool I can do it simply?

That is certainly possible, but you would have to write some custom code, build that custom website, etc.
An easier method would be to simply create an IAM user in your AWS account, with only API access, and only give it an IAM policy that lets them start and stop that one instance.
You could create an API Gateway linked to an AWS Lambda function. Then, create a static web page in Amazon S3 that simply contains two links -- one for turning ON the instance, the other for turning OFF the instance.
The user could go to that page and click the appropriate link. This would trigger the AWS Lambda function, which can call StartInstances() or StopInstances() to control the instance.
This would not be a suitable solution for a commercial service because you would need authentication, but it is sufficient for use by a single 'trusted' user.
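An added example, not part of the answer above or of any AWS sample: a sketch of the Lambda function behind the two links, together with the IAM policy that its execution role (or the dedicated IAM user in the simpler option) would carry, scoped to one instance. The instance ID, region, account ID, the `action` query parameter and the `FakeEC2` stand-in are assumptions made for illustration.

```python
import json

# Constructed placeholders (assumptions, not values from the page).
INSTANCE_ID = "i-0123456789abcdef0"
REGION, ACCOUNT_ID = "us-east-1", "111122223333"
ALLOWED = {"start": "start_instances", "stop": "stop_instances"}


def build_policy():
    """Least-privilege policy: start/stop on exactly one instance ARN."""
    arn = f"arn:aws:ec2:{REGION}:{ACCOUNT_ID}:instance/{INSTANCE_ID}"
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": ["ec2:StartInstances", "ec2:StopInstances"],
        "Resource": arn,
    }]}


def handler(event, context=None, ec2=None):
    """Lambda entry point (API Gateway proxy event shape assumed)."""
    # The instance ID is fixed server-side; the caller only chooses the
    # action, and anything but start/stop is rejected before any AWS call.
    action = (event.get("queryStringParameters") or {}).get("action", "")
    method = ALLOWED.get(action)
    if method is None:
        return {"statusCode": 400, "body": "action must be start or stop"}
    if ec2 is None:  # deployed: boto3 uses the function's execution role
        import boto3
        ec2 = boto3.client("ec2", region_name=REGION)
    getattr(ec2, method)(InstanceIds=[INSTANCE_ID])
    return {"statusCode": 200, "body": json.dumps({"action": action})}


class FakeEC2:
    """Offline stand-in for the boto3 client; records the calls made."""
    def __init__(self):
        self.calls = []
    def start_instances(self, InstanceIds):
        self.calls.append(("start", InstanceIds))
    def stop_instances(self, InstanceIds):
        self.calls.append(("stop", InstanceIds))


if __name__ == "__main__":
    fake = FakeEC2()
    print(json.dumps(build_policy(), indent=2))
    print(handler({"queryStringParameters": {"action": "stop"}}, ec2=fake))
    print(handler({"queryStringParameters": {"action": "terminate"}}, ec2=fake))
```

Because the policy names a single instance ARN and the handler never takes an instance ID from the request, a leaked link or key can do no more than start or stop that one machine.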
This is a simple example of how I did it:

Why do I need a developer account for AWS CodeStar?

If I want to use CodeStar, I need to create a developer account, which is probably pretty weird. But it is even more weird that I get redirected to creating an Amazon account.
Can anyone explain to me why this is the case?
You have to pay attention to the application type.
Select the right application type and AWS service in the template section.
For example, if you chose AWS EC2 and Web application, AWS won't ask you for an Amazon developer account.

AWS Student Starter Pack Region Change

I'm using an AWS student pack provided by my university. I want to switch the location to Bahrain from N. Virginia. Every time I try to do that I get the following error:
AWS Educate Starter Accounts are very limited.
You can check what is allowed in the link below:
AWS Services Supported with AWS Educate Starter Account
In short, you have no access to billing information and many, many other services and options.
You don't need to enter the Billing area of the console to change to Bahrain.
What you have to do is:
- Log in on the AWS Educate site (https://aws.amazon.com/education/awseducate/)
- Top right corner (AWS Account) inside the AWS Educate portal
- Click "AWS Educate Starter Account". It will open another tab, "Workbench".
- Click to open "AWS Console"
- Now you are logged on to the AWS console.
- Go to Services and select a service that changes with a region, for example EC2, RDS, etc. If you see "Global" in the top right corner, you cannot change the region to Bahrain; please select another service first, then select the region.
I hope I could help.

API credentials as federated aws user?

My company provides me with federated access to AWS. By that I mean, we're going to a website where we log in with our SSO, which then allows us to pull up the AWS console (i.e. through a custom federation broker as described here: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html)
I can create instances (ec2) just fine through the UI. My question is, how can I get API credentials to use with aws cli?
In the IAM dashboard I don't see an option to create a credential set for myself.
Is this even something I can get to, or do they (= my IT people) need to change something in the setup?
Thanks a bunch!
P.S. To clarify, we're not going through OneLogin.
You can create a program to do this leveraging your credentials, your SSO config, and boto3.
Alternatively, I use this Google Chrome plugin: https://github.com/prolane/samltoawsstskeys/blob/master/README.md
Atlassian also released a tool recently to help solve this problem, and there are some other ones out there if you do some searching.

Share AWS KOPS user with another developer

I have created a development deployment for an application using kops, kubectl, and EC2.
When I set up this deployment, I created a Kops IAM user as specified in this guide. Everything has worked fine for me managing this deployment.
I am now leaving the project for another job and have to allow someone else to take over this deployment. I tried having them use aws configure and enter the appropriate kops IAM user creds, but the kops user still does not show up for this person when they run aws iam list-users.
What is the best way to share this IAM user with this new developer?
I have stumbled upon this guide which states I can Delegate Access Across AWS Accounts Using IAM Roles, but I am not sure if this is the correct solution? Shouldn't the new developer just be able to enter the Kops IAM user cred info to access its resources?
Forgive me, for I am not very experienced with aws-cli and this deployment process. I just took on this responsibility on our team because no one else was confident they could do it.
Thanks!
I think the best way to handle this would be to enter the AWS Console as the Root. Go to IAM and select the kops user. In the Security credentials tab, create a new access key and share the credentials with the other developer by forwarding him/her the csv file. Once he/she downloads the csv, have them try the aws configure and enter the new access credentials. Let me know if this works!