Amazon Web Services (AWS)

Auxiliary tools:

CLI Client

Installation

curl -o awscliv2.zip https://awscli.amazonaws.com/awscli-exe-linux-x86_64-2.24.12.zip
unzip -q awscliv2.zip
sudo ./aws/install
rm -rf awscliv2.zip aws

Completion

Bash:

echo "complete -C \"$(which aws_completer)\" aws" > ~/.local/share/bash-completion/completions/aws

Configuration

Simple Key

Create the configuration interactively:

aws configure
aws configure --profile=user1
AWS_PROFILE=localstack aws configure

Configuration files:

~/.aws/config:

[default]
region=us-west-1
#output=json

[profile user1]
region=us-east-1
#output=text

[profile localstack]
region=us-east-1
#output=table
endpoint_url=http://localhost:4566

~/.aws/credentials:

[default]
aws_access_key_id=ASIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
aws_session_token = IQoJb3JpZ2luX2IQoJb3JpZ2luX2IQoJb3JpZ2luX2IQoJb3JpZ2luX2IQoJb3JpZVERYLONGSTRINGEXAMPLE

[user1]
aws_access_key_id=ASIAI44QH8DHBEXAMPLE
aws_secret_access_key=je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY
aws_session_token = fcZib3JpZ2luX2IQoJb3JpZ2luX2IQoJb3JpZ2luX2IQoJb3JpZ2luX2IQoJb3JpZVERYLONGSTRINGEXAMPLE

[localstack]
aws_access_key_id = test
aws_secret_access_key = test

Integrated with SSO

Create the configuration interactively:

aws configure sso
aws configure sso --profile=user1

Configuration files:

~/.aws/config:

[profile user1]
sso_session = my-sso
sso_account_id = 123456789012
sso_role_name = my-role
region = us-east-1
#output = json

[sso-session my-sso]
sso_region = us-east-1
sso_start_url = https://sso.mycompany.com/start
sso_registration_scopes = sso:account:access

Refresh credentials/Login:

aws sso login --profile=user1
AWS_PROFILE=user1 aws sso login

Test the Configuration

aws sts get-caller-identity
aws sts get-caller-identity --profile=user1
AWS_PROFILE=localstack aws sts get-caller-identity
AWS_ACCESS_KEY_ID=test AWS_SECRET_ACCESS_KEY=test AWS_SESSION_TOKEN=test AWS_DEFAULT_REGION=us-east-1 AWS_ENDPOINT_URL=http://localhost:4566 aws sts get-caller-identity

Mocks

LocalStack

Check status:

curl -s http://localhost:4566/_localstack/init
curl -s http://localhost:4566/_localstack/init/ready

Docker image:

services:
  aws:
    image: localstack/localstack:4.1.1
    restart: unless-stopped
    volumes:
      - aws-data:/var/lib/localstack
      - /var/run/docker.sock:/var/run/docker.sock
      - ./init.sh:/etc/localstack/init/ready.d/init.sh:ro  # Script that creates resources
    ports:
      - 4566:4566
      - 4510-4559:4510-4559
volumes:
  aws-data: