AWS CLI Setup

Summary

How to setup MAC and able to connect to AWS via AWS CLI.
Configured to have multiple accounts. Both DevOpsPH and diginex.

Setup

Install AWS CLi

# For OSX

brew install awscli

# or

# For python guy

pip install awscli

Go to <user root dir>/.aws and create the credentials file

[default]

aws_access_key_id = XXX

aws_secret_access_key = YYY

region = us-east-1

[devops]

aws_access_key_id = XXX

aws_secret_access_key = YYY

region = us-east-1

[diginex]

aws_access_key_id = XXX

aws_secret_access_key = YYY

region = us-east-1

create the config file: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html

[default]

account_id=929981421241

output = json

region = ap-southeast-1

[profile main]

account_id=929981421241

output = json

region = us-east-1

role_arn = arn:aws:iam::929981421241:role/admin

source_profile = default

mfa_serial = arn:aws:iam::929981421241:mfa/mikael.gulapa

[profile dev]

account_id=168393062562

output = json

region = ap-southeast-1

role_arn = arn:aws:iam::168393062562:role/admin

source_profile = default

mfa_serial = arn:aws:iam::929981421241:mfa/mikael.gulapa

[profile testnet]

account_id=896648906881

output = json

region = ap-southeast-1

role_arn = arn:aws:iam::896648906881:role/admin

source_profile = default

mfa_serial = arn:aws:iam::929981421241:mfa/mikael.gulapa

[profile production]

account_id=822601450760

output = json

region = ap-southeast-1

role_arn = arn:aws:iam::822601450760:role/admin

source_profile = default

mfa_serial = arn:aws:iam::929981421241:mfa/mikael.gulapa

[profile logs]

account_id=896648906881

output = json

region = ap-southeast-1

role_arn = arn:aws:iam::896648906881:role/admin

source_profile = default

mfa_serial = arn:aws:iam::929981421241:mfa/mikael.gulapa

[profile mikael]

output = json

#To Set the profile .Ex. devops is declared in .aws/credentials

aws configure --profile devops

#To Check what's the active access key

aws configure get default.aws_access_key_id

TROUBLESHOOT

Error: error creating EC2 Metadata session: AssumeRoleTokenProviderNotSetError: assume role with MFA enabled, but AssumeRoleTokenProvider session option not set.