I deployed an application on EB with my own AWS account, but I need to do the same with another one. I have the user name, access key and secret access key for the AWS account I need to deploy from, but I don't even know how to switch out of my account to do it.
I've been able to sign into the AWS cli with those credentials, but I'm having trouble using the aws elasticbeanstalk cli, so help deploying my application through that would be helpful as well.
Thanks!
The AWS CLI credentials are set in credential file and can be overridden with enviroment variables.
To create differnent profiles can use the built in config tool:
aws configure --profile user2
Then when you use the aws to call elasticbeanstalk, you can specify this new profile to use
aws --profile user2 elasticbeanstalk ...blah...blah...blah...
Related
I created a new AWS account for AWS ECS. IN Jenkins I installed AWS ECS plugin and now I want to build and push images into registry.
But I need to create API key and secret in AWS in order to Jenkins to communicate with AWS ECR.
How I have to create in AWS these credentials?
Create an IAM user by following this documentation:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html
Say I use aws-cli locally on my machine, I´d need to authenticate with credentials prior to any operation.
How do AWS services give permission to other services on my behalf? And more specifically, how does a container run aws-cli on my behalf without prior authentication?
I am asking this, after running my first pipeline successfully in codePipeline. My buildspec.yml does run aws s3 sync command flawlessly -which made me then wonder how do aws internally permissions work-.
AWS CodeBuild uses an IAM Service Role to provide AWS permissions to the CodeBuild environment. You should have had to create a service role for your CodeBuild configuration.
When the AWS cli tool runs, and it hasn't been previously configured with API access keys, it will check if it is running in an AWS environment like EC2 or Lambda and if so, it will use the AWS IAM role assigned to that runtime environment.
I need to prepare Docker image with embedded Jar file to push it into ECR. Jar file is storing in S3 bucket. How I can inject jar inside image without explicit storing AWS access keys into image?
Maybe I can use AWS CLI or exist other way?
Also it is not recommended to add public access to my s3 bucket and set access keys via env variable during execute docker run.
You can define an AWS IAM Role and attach it to EC2 Instances. So any instance that needs to run this docker build command, can do so as long as it has the IAM role attached to it. You can do so from the AWS Console. This solves the problem of you putting AWS credentials on the instance itself.
You will still need to install the aws cli in your Dockerfile. Once IAM Role is attached, you don't have to worry about credentials.
Recommended docs:
IAM Roles for Amazon EC2
Here's an official blog post tutorial on how to do this:
Attach an AWS IAM Role to an Existing Amazon EC2 Instance by Using the AWS CLI
Just make sure you specify in the IAM Role which S3 Buckets you want these instances to have access to.
I have deployed an application on EB with my own AWS account, and have done the same with another one.
I don't know how to switch out of my command line eb cli account. There are no eb CLI options to switch profiles like the normal AWS CLI...
Thanks!
Use named profiles via eb --profile x to use a specific profile from your AWS credentials file.
Or you can use multiple, distinct credentials files (see here) and change the AWS_CREDENTIAL_FILE environment variable to point to the relevant credentials file. You could even write a couple of shell scripts such as eb-project1 and eb-project2 that each export/set the relevant AWS_CREDENTIAL_FILE value and then simply execute eb so that you don't have to switch credentials manually - just run eb-project1 or eb-project2 as needed instead of running eb.
I have two AWS accounts, one for personal, one for work-related projects. I've previously created and deployed to my personal AWS account.
I want to create a work-related app on the work AWS account. I signed in with those credentials, and created a new application from within the console.
Then, in my work project folder, I eb init and eb create/deploy the work app. When I did eb create, it was asking to set up a an environment different than the one I had created in AWS. After creating it, I found that a new project had be created within my personal AWS account.
I was told I have to change profiles doing eb --profile but am not sure of my profile names. How can I list and change my profile from my personal to my work profile?
EDIT:
I was given an access key ID. I tried eb --profile MYKEYID. No message was displayed when I did this. I'm not sure which profile I'm on.
The EB CLI and the AWS CLI share the same credentials.
They are stored in either ~/.aws/config or ~/.aws/credentials.
You can list them using
aws configure list
Once you know what profile you want to use, you can set it permanently for that project by running
eb init --profile ProfileName
in the project directory.
You can see what settings the EB CLI has for your project by looking at the .elasticbeanstalk/config.yml file.