How to Log into AWS
We use Leapp to facilitate logging into AWS. Leapp is a tool that allows you to authenticate with your organization's Identity Provider (IdP) and then assume an IAM Role in AWS. This allows you to use your organization's SSO to authenticate with AWS.
Requirements
1. Install AWS Session Manager (if required)
   brew install --cask session-manager-plugin
2. Launch Leapp
Setup
The following steps are required only for initial setup.
1. Launch Leapp
2. Create new Integration
3. Fill out Single Sign-On configuration
   Alias: acme # This can be whatever you would like to label the Integration in Leapp
   Portal URL: https://d-1111aa1a11.awsapps.com/start/ # Set this to your SSO Launch URL
   AWS Region: us-east-1 # Your primary region
   Auth. Method: In-browser # Optional
4. Log into your IdP
   Log into your IdP for your Organization and “Allow” the Authorization request
5. Create a “Chained Session” from core-identity
   Create a “Chained Session” from the core-identity account with the IdentityDevopsTeamAccess Role.
   This Permission Set will match the given Team name. For example, Developers will use IdentityDevelopersTeamAccess and DevOps will use IdentityDevopsTeamAccess.
6. Fill out the Chained Session configuration
   Fill out the Chained Session configuration for connecting to core-identity
   Named profile: acme-identity # This must match the profile name given in AWS config
   Session Alias: acme-identity # Optional
   AWS Region: us-east-1 # This must be your primary region
   Role ARN: arn:aws:iam::666666666666:role/acme-core-gbl-identity-devops # This ARN depends on the given team. This example uses the "devops" team
   Role Session Name: acme-identity # Optional
   Assumer Session: core-identity # This must match the name of the identity account, almost always "core-identity"
7. (Optional) Pin the new acme-identity IAM Role Chained Session
   This makes it easier to filter to the primary session we will use for connecting to AWS
   - Go to All Sessions
   - Find the new IAM Role Chained Session for acme-identity or whatever value you used for Session Alias
   - Click the dots on the IAM Role Chained Session
   - Select Pin Session
8. Connect to acme-identity IAM Role Chained Session
   - Select the Session
   - Click Start Session
9. Rebuild Geodesic
   Open your terminal of choice, navigate to the infrastructure repository, and launch Geodesic
   make all
10. Use AWS in Geodesic
   You're done! You can now use AWS from within Geodesic.
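To confirm that the session started in Leapp is the role you intended before running anything against AWS, the check below can be run inside Geodesic. It is an added example, not part of the original guide or of the Leapp or Geodesic projects; the function names are hypothetical, the sample values are the placeholders from the configuration above, and it assumes the STS session name equals the configured Role Session Name.

```shell
#!/bin/sh
# Added example: sanity-check the Leapp chained session. Function names are
# hypothetical; sample values are the placeholders used in this guide.

# Succeed if PROFILE is defined in an AWS shared config file ("[profile NAME]")
# or credentials file ("[NAME]"). Exact match, so "acme" != "acme-identity".
profile_defined() {
  file=$1 profile=$2
  [ -r "$file" ] || return 1
  awk -v p="$profile" '
    { sub(/[ \t\r]+$/, "") }
    $0 == "[" p "]" || $0 == "[profile " p "]" { found = 1 }
    END { exit !found }' "$file"
}

# Print the ARN that `aws sts get-caller-identity` reports once ROLE_ARN has
# been assumed with SESSION as the role session name. Fails on a malformed ARN.
expected_caller_arn() {
  role_arn=$1 session=$2
  case $role_arn in
    arn:aws:iam::*:role/?*) ;;
    *) return 1 ;;
  esac
  account=${role_arn#arn:aws:iam::}
  account=${account%%:*}
  case $account in ''|*[!0-9]*) return 1 ;; esac
  [ "${#account}" -eq 12 ] || return 1
  role=${role_arn##*/}   # STS assumed-role ARNs carry the role name, no IAM path
  printf 'arn:aws:sts::%s:assumed-role/%s/%s\n' "$account" "$role" "$session"
}

# Compare the live identity of PROFILE with the expected role and session.
# Returns 0 on match, 1 on mismatch, 2 for a bad ARN, 3 if the AWS call fails.
verify_session() {
  profile=$1
  want=$(expected_caller_arn "$2" "$3") || return 2
  got=$(aws sts get-caller-identity --profile "$profile" \
        --query Arn --output text) || return 3
  [ "$got" = "$want" ]
}

# Usage inside Geodesic (assumes the profile lives in the default config path):
#   profile_defined "${AWS_CONFIG_FILE:-$HOME/.aws/config}" acme-identity &&
#   verify_session acme-identity \
#     arn:aws:iam::666666666666:role/acme-core-gbl-identity-devops acme-identity
```

A mismatch from `verify_session` usually means a different session is active in Leapp or the Role ARN was entered for another team.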
Usage
After initial setup, quickly connect to AWS with the following steps:
- Launch Leapp
- Connect to acme-identity IAM Role Chained Session
- Open your terminal of choice, navigate to the infrastructure repository, and launch Geodesic
  make run
- Done!