Amazon Web Services (AWS)

Auxiliary tools:

CLI Client

Installation

curl -o awscliv2.zip https://awscli.amazonaws.com/awscli-exe-linux-x86_64-2.24.12.zip
unzip -q awscliv2.zip
sudo ./aws/install
rm -rf awscliv2.zip aws

Completion

Bash:

echo "complete -C \"$(which aws_completer)\" aws" > ~/.local/share/bash-completion/completions/aws

Configuration

Simple Key

Create the configuration interactively:

aws configure
aws configure --profile=user1
AWS_PROFILE=localstack aws configure

Configuration files:

~/.aws/config:

[default]
region=us-west-1
#output=json

[profile user1]
region=us-east-1
#output=text

[profile localstack]
region=us-east-1
#output=table
endpoint_url=http://localhost:4566

~/.aws/credentials:

[default]
aws_access_key_id=ASIAIOSFODNN7EXAMPLE
aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
aws_session_token = IQoJb3JpZ2luX2IQoJb3JpZ2luX2IQoJb3JpZ2luX2IQoJb3JpZ2luX2IQoJb3JpZVERYLONGSTRINGEXAMPLE

[user1]
aws_access_key_id=ASIAI44QH8DHBEXAMPLE
aws_secret_access_key=je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY
aws_session_token = fcZib3JpZ2luX2IQoJb3JpZ2luX2IQoJb3JpZ2luX2IQoJb3JpZ2luX2IQoJb3JpZVERYLONGSTRINGEXAMPLE

[localstack]
aws_access_key_id = test
aws_secret_access_key = test

Integrated with SSO

Create the configuration interactively:

aws configure sso
aws configure sso --profile=user1

Configuration files:

~/.aws/config:

[profile user1]
sso_session = my-sso
sso_account_id = 123456789012
sso_role_name = my-role
region = us-east-1
#output = json

[sso-session my-sso]
sso_region = us-east-1
sso_start_url = https://d-0000000000.awsapps.com/start
sso_registration_scopes = sso:account:access

Refresh credentials/Login:

aws sso login --profile=user1
AWS_PROFILE=user1 aws sso login

Test the Configuration

aws sts get-caller-identity
aws sts get-caller-identity --profile=user1
AWS_PROFILE=localstack aws sts get-caller-identity
AWS_ACCESS_KEY_ID=test AWS_SECRET_ACCESS_KEY=test AWS_SESSION_TOKEN=test AWS_DEFAULT_REGION=us-east-1 AWS_ENDPOINT_URL=http://localhost:4566 aws sts get-caller-identity
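
The localstack profile above lives in the same ~/.aws/config as profiles that reach real AWS accounts, so a mistyped profile name sends mock-only commands to the wrong place. The following added example (not part of the original page) is a shell guard that runs the CLI only when the profile's endpoint_url host is localhost or 127.0.0.1; the function names, the lookalike profile and the sample config are constructed for illustration.

```bash
#!/usr/bin/env bash
# Print the endpoint_url of PROFILE from an AWS CLI config FILE (nothing if unset).
profile_endpoint() {
  local file="$1" header="[profile $2]"
  if [ "$2" = default ]; then header='[default]'; fi
  awk -v header="$header" '
    /^[ \t]*\[/ { gsub(/^[ \t]+|[ \t]+$/, ""); in_section = ($0 == header); next }
    in_section && /^[ \t]*endpoint_url[ \t]*=/ {
      sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
    }' "$file"
}

# Print the URL and succeed only if the endpoint host is localhost or 127.0.0.1.
mock_endpoint() {
  local url authority host
  url=$(profile_endpoint "$1" "$2") || return 1
  authority="${url#*://}"        # drop the scheme
  authority="${authority%%/*}"   # drop any path
  case "$authority" in ''|*@*) return 1 ;; esac   # unset, or user@host form
  host="${authority%%:*}"        # drop the port
  case "$host" in
    localhost|127.0.0.1) printf '%s\n' "$url" ;;
    *) return 1 ;;
  esac
}

# Run the AWS CLI pinned to the verified endpoint: --endpoint-url on the command
# line overrides AWS_ENDPOINT_URL and the config file.
mock_aws() {
  local profile="${AWS_PROFILE:-default}" config="${AWS_CONFIG_FILE:-$HOME/.aws/config}" url
  url=$(mock_endpoint "$config" "$profile") || {
    echo "refusing: profile '$profile' has no loopback endpoint_url" >&2; return 1; }
  aws --profile "$profile" --endpoint-url "$url" "$@"
}

# Constructed sample config: this page's profiles plus one misleading URL.
write_sample_config() {
  cat > "$1" <<'EOF'
[default]
region=us-west-1
[profile localstack]
region=us-east-1
endpoint_url=http://localhost:4566
[profile lookalike]
endpoint_url = http://localhost:4566@mock.example.test/
EOF
}
```

With AWS_PROFILE=localstack, mock_aws s3api list-buckets reaches the mock; with any other profile it exits non-zero before the CLI is invoked. An IPv6 loopback endpoint ([::1]) is also rejected, which keeps the check conservative.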

Mocks

LocalStack

Check status:

curl -s http://localhost:4566/_localstack/init
curl -s http://localhost:4566/_localstack/init/ready

Docker image:

services:
  aws:
    image: localstack/localstack:4.14.0
    restart: unless-stopped
    volumes:
      - aws-data:/var/lib/localstack
      - /run/docker.sock:/run/docker.sock  # Host Docker socket: lets LocalStack launch containers (e.g. Lambda) and control the host daemon
      - ./init.sh:/etc/localstack/init/ready.d/init.sh:ro  # Script to create resources
    ports:
      - 4566:4566
      - 4510-4559:4510-4559
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:4566/_localstack/init/ready"]
      start_period: 30s
      start_interval: 5s
      interval: 1m
      timeout: 3s
      retries: 3
volumes:
  aws-data:

init.sh:

#!/bin/bash

set -eux

export AWS_ACCESS_KEY_ID="test"
export AWS_SECRET_ACCESS_KEY="test"
export AWS_SESSION_TOKEN="test"
export AWS_DEFAULT_REGION="us-east-1"
export AWS_ENDPOINT_URL="http://localhost:4566"

aws s3api create-bucket --bucket="meu-bucket"

MiniStack

Docker image:

services:
  aws:
    image: nahuelnucera/ministack:1.1
    restart: unless-stopped
    volumes:
      - ./config/ministack/entrypoint:/docker-entrypoint-initaws.d:ro
      - /run/docker.sock:/run/docker.sock
    ports:
      - 4566:4566

Moto

Docker image:

services:
  aws:
    image: ghcr.io/getmoto/motoserver:5.1.22
    restart: unless-stopped
    environment:
      MOTO_PORT: "4566"
    volumes:
      - /run/docker.sock:/run/docker.sock
    ports:
      - 4566:4566