All about Cloud, mostly about Amazon Web Services (AWS)

Using AWS IAM Roles from the CLI

2018-10-02

Most people who have used the AWS Command Line Interface (CLI) for more than a few minutes are familiar with the aws configure command and its ability to save AWS IAM access key IDs and secret access keys. These are available for AWS IAM users, but most people aren’t aware that they could be using AWS IAM Roles from the CLI.

There are a couple of caveats to using AWS Identity and Access Management (IAM) Roles from the CLI.

First, there must already be a profile in the credentials file which has the permission to assume the role. The CLI will actually connect with that profile and then transparently assume the required role.

Second, it isn’t possible to use aws configure to set up the use of AWS Identity and Access Management (IAM) Roles from the CLI. You’ll need to hand edit the ~/.aws/credentials file to make the necessary modifications.

The actual changes required aren’t complex. The following example shows a credentials file with two different profiles. The first profile is called “source” (lines 1 to 3). It is the profile in the credentials file which has the permission to assume the role. This profile consists of the typical aws_access_key_id and aws_secret_access_key entries generated by the AWS Identity and Access Management (IAM) service. The second profile is called “destination” (lines 5 to 7). It provides the details of the initial profile to use and the role to assume. The line “source_profile” tells the AWS CLI to use the “source” profile to connect to AWS. The line “role_arn” tells the AWS CLI to assume the role OrganizationAccountAccessRole in account 123456789012.

    [source]
    aws_access_key_id=ABCDEFGHIJK012345678
    aws_secret_access_key=01234567890aBcDeFgHiJkLMnOpQrStUvWxYz09

    [destination]
    source_profile = source
    role_arn = arn:aws:iam::123456789012:role/OrganizationAccountAccessRole

It is easy to switch between the source and the destination profiles when using the AWS CLI. The standard “--profile” command line option selects the specified profile:

    $ aws --profile source s3 ls
    2015-01-01 01:01:01 source-acct-s3-bucket
    $ aws --profile destination s3 ls
    2016-02-02 02:02:02 destination-acct-s3-bucket
    $

This can be really useful when using the AWS CLI. It takes several operations when using the API to connect to the AWS Security Token Service (STS) and assume another role, but this technique really streamlines things when using AWS IAM Roles from the CLI!
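A check for the source/destination credentials layout described above, as an added example that is not from the original post: it follows source_profile links from a chosen profile to the one holding the static keys and lists the roles assumed on the way, rejecting undefined profiles, loops and malformed role ARNs. The name resolve_chain and the sample text are constructed for illustration; it goes slightly beyond the two-profile case by following longer chains, and it handles only source_profile.

```python
import configparser
import re

# Constructed sample mirroring the two-profile file above (the keys are fake).
SAMPLE = """\
[source]
aws_access_key_id=ABCDEFGHIJK012345678
aws_secret_access_key=01234567890aBcDeFgHiJkLMnOpQrStUvWxYz09

[destination]
source_profile = source
role_arn = arn:aws:iam::123456789012:role/OrganizationAccountAccessRole
"""

# Account id and role name (with optional path) from an IAM role ARN.
ROLE_ARN = re.compile(r"^arn:aws[\w-]*:iam::(\d{12}):role/([\w+=,.@/-]+)$")
STATIC_KEYS = {"aws_access_key_id", "aws_secret_access_key"}


def resolve_chain(text, profile):
    """Return (profile holding static keys, [(account, role), ...] in assume order)."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    hops, seen = [], set()
    while True:
        if profile in seen:
            raise ValueError(f"source_profile loop at [{profile}]")
        seen.add(profile)
        if not cfg.has_section(profile):
            raise ValueError(f"profile [{profile}] is not defined")
        sec = cfg[profile]
        if "role_arn" not in sec:
            # End of the chain: this profile must carry the long-lived keys.
            if not STATIC_KEYS <= set(sec):
                raise ValueError(f"[{profile}] has no role_arn and no access keys")
            return profile, hops[::-1]
        match = ROLE_ARN.match(sec["role_arn"].strip())
        if not match:
            raise ValueError(f"[{profile}] role_arn is malformed")
        if "source_profile" not in sec:
            # Assumption: only source_profile is handled, as in the post.
            raise ValueError(f"[{profile}] has role_arn but no source_profile")
        hops.append(match.groups())
        profile = sec["source_profile"].strip()


if __name__ == "__main__":
    print(resolve_chain(SAMPLE, "destination"))
```

Running it against a copy of ~/.aws/credentials shows which long-lived key each role profile ultimately depends on, which is the key to rotate or revoke if that role's access needs to be cut off.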

