In order to get started with this basic AWS + Kubernetes infrastructure fabric three things are absolutely required:
- An Amazon Web Services ("AWS") account.
- An AWS user account with administrator privileges that allow you to provision the infrastructure fabric.
- Install the official AWS command line tool.
If you're part of an organization you should check and see if you're already paying for an AWS account and if you are then you can skip to [Setup an AWS user and API access](#Setup an AWS user and API access). If you do not already have an AWS account then you can follow these handy instructions to get on the right path:
- Goto https://aws.amazon.com/
- Select "Create an AWS Account"
- Follow the instructions provided by Amazon.
NOTE: The following instructions are written for bootstrapping quickly rather than ideal security. Proper configuration of an IAM user's access policy is an advanced topic not covered here.
NOTE: Documenting a User Interface is difficult. If you think this could be clearer or the UI seems to have changed since the guide was written please open an Issue and we'll update the docs accordingly.
- Sign into your AWS account then go to the User Management Screen.
- Click "Add User" and on the screen that appears enter a username then select both Programmatic access and AWS Management Console access.
- Set a password for the new user. This password is used for accessing the AWS Management Console only.
- Unselect "Require password reset"
- Select "Next: Permissions" on the bottom of the screen.
- Select "Attach existing policies directly"
- Search for "AdministratorAccess" then select the single result that is returned. The description should read "Provides full access to AWS services and resources."
- Select "Next: Review" on the bottom of the screen.
- Ensure the following facts are correct on the next screen.
| Field | Value |
|---|---|
| User name | $NAME_ENTERED_IN_STEP_2 |
| AWS access type | Programmatic access and AWS Management Console access |
| Console password type | Custom |
| Require password reset | No |
| Permission summary | Managed Policy -> AdministratorAccess |
- Select "Create User" on the bottom of the screen.
- AWS will dump the API Access Key ID and Secret Access Key on the next screen. Copy the ID and secret to a text file temporarily. It is impossible to retrieve the Secret Access Key again after you leave this screen.
- Sign into your AWS account then go to the User Management Screen.
If you want to create a brand new user for AWS then start from Brand New Account - Step 2.
- Find and select the user in the list.
- Go to the "Permissions" tab and select "Add Permissions".
- Select "Attach existing policies directly"
- Search for "AdministratorAccess" then select the single result that is returned. The description should read "Provides full access to AWS services and resources."
- Select "Next: Review" on the bottom of the screen.
- Ensure the following facts are correct on the next screen.
| Field | Value |
|---|---|
| Permission summary | Managed Policy -> AdministratorAccess |
- Select "Add permissions".
- Go to the "Security Credentials" tab and select "Create Access Key". Copy the ID and secret to a text file temporarily. It is impossible to retrieve the Secret Access Key again after you leave this screen.
The easiest way to get and use the aws command is to install it into the user's Python environment with pip. See the official documentation for available options if this is not suitable for some reason.
pip install --upgrade --user awscli
sudo pip install --upgrade --user awscli --ignore-installed six
Run aws configure and input the following for the prompted values
| Prompt | Input Value |
|---|---|
| AWS Access Key ID | The AWS Access Key ID from Setup an AWS user and API access |
| AWS Secret Access Key | The AWS Secret Access Key from Setup an AWS user and API access |
| Default Region Name | us-east-2 |
| Default Output Format | json |