Slide 1

Slide 1 text

.aws Yasuharu Sawada

Slide 2

Slide 2 text

.aws AWS SSO AWS

Slide 3

Slide 3 text

AWS ~/.aws ~/.aws/config ~/.aws/credentials

```
$ ls ~/.aws/
cli config credentials sso
```

Slide 4

Slide 4 text

~/.aws/config ~/.aws/credentials

```
$ cat ~/.aws/config
[default]
region = ap-northeast-1
[profile profile-custodian]
region = ap-northeast-1
sso_start_url = https://a-0123456789.awsapps.com/start
sso_region = ap-northeast-1
sso_account_id = 123456789012
sso_role_name = BaseRole
output = json
...
[profile other-profile]
region = ap-northeast-1
sso_start_url = https://a-0123456789.awsapps.com/start
sso_region = ap-northeast-1
sso_account_id = 123456789012
sso_role_name = OtherRole
output = json
```

```
$ cat ~/.aws/credentials
[default]
aws_access_key_id = AAAAAAAAAAAAAAAAAAAA
aws_secret_access_key = ***************
[other-profile]
aws_access_key_id = BBBBBBBBBBBBBBBBBBBB
aws_secret_access_key = ***************
aws_session_token = ****
```

Slide 5

Slide 5 text

.aws/credentials

Slide 6

Slide 6 text

.aws/credentials AWS AWS aws_access_key_id, aws_secret_access_key, aws_session_token

```
[default]
aws_access_key_id = AAAAAAAAAAAAAAAAAAAA
aws_secret_access_key = ***************
[other-credential]
aws_access_key_id = BBBBBBBBBBBBBBBBBBBB
aws_secret_access_key = ***************
aws_session_token = ****
```

Slide 7

Slide 7 text

.aws/config

Slide 8

Slide 8 text

.aws/config AWS aws_access_key_id, aws_secret_access_key AWS credentials

Slide 9

Slide 9 text

```
[default]
region = ap-northeast-1
[profile profile-custodian]
region = ap-northeast-1
sso_start_url = https://a-0123456789.awsapps.com/start
sso_region = ap-northeast-1
sso_account_id = 123456789012
sso_role_name = BaseRole
output = json
...
[profile profile-other]
source_profile = profile-custodian
role_arn = arn:aws:iam::123456789012:role/SampleRole
```

Slide 10

Slide 10 text

.aws/config profile AWS --profile source_profile role_arn Role switch Role

```
$ aws s3 ls                          # → [default]
$ aws s3 ls --profile profile-other  # → [profile-other]
```

Slide 11

Slide 11 text

Role source_profile role_arn SSO SSO aws_access_key_id aws_secret_access_key

```
[profile profile-custodian]
region = ap-northeast-1
sso_start_url = https://a-0123456789.awsapps.com/start
sso_region = ap-northeast-1
sso_account_id = 123456789012
sso_role_name = BaseRole
output = json
```

Slide 12

Slide 12 text

Switch Role source_profile role_arn source_profile role_arn switch Role

```
[profile profile-other]
source_profile = profile-custodian
role_arn = arn:aws:iam::123456789012:role/SampleRole
```
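Added example, not part of the original slides: a Python script that reads text in the `config` and `credentials` formats shown above, follows `source_profile` links, and reports where each profile's credentials ultimately come from. The sample input is constructed from the slide values, the function names are hypothetical, and only the keys that appear on the slides are recognised.

```python
import configparser
# Constructed sample input in the formats shown on slides 6 and 9.
CONFIG_TEXT = """\
[profile profile-custodian]
sso_start_url = https://a-0123456789.awsapps.com/start
sso_role_name = BaseRole
[profile profile-other]
source_profile = profile-custodian
role_arn = arn:aws:iam::123456789012:role/SampleRole
"""
CREDENTIALS_TEXT = """\
[default]
aws_access_key_id = AAAAAAAAAAAAAAAAAAAA
aws_secret_access_key = ***************
[other-credential]
aws_access_key_id = BBBBBBBBBBBBBBBBBBBB
aws_secret_access_key = ***************
aws_session_token = ****
"""

def load_profiles(config_text, credentials_text):
    """Merge both files into {profile name: settings}; config uses 'profile NAME' headers."""
    cfg, cred = configparser.RawConfigParser(), configparser.RawConfigParser()
    cfg.read_string(config_text)
    cred.read_string(credentials_text)
    profiles = {}
    for sec in cfg.sections():
        if sec == "default" or sec.startswith("profile "):
            profiles.setdefault(sec.split(None, 1)[-1], {}).update(cfg[sec])
    for sec in cred.sections():  # credentials sections are bare profile names
        profiles.setdefault(sec, {}).update(cred[sec])
    return profiles

def classify(name, profiles, seen=()):
    """Follow source_profile links and return the chain of credential sources."""
    p = profiles.get(name)
    if p is None or name in seen:
        return ["missing" if p is None else "cycle"]
    if "role_arn" in p and "source_profile" in p:
        return ["assume-role"] + classify(p["source_profile"], profiles, seen + (name,))
    if "sso_start_url" in p:
        return ["sso"]
    if "aws_access_key_id" in p:  # static keys; a session token marks temporary ones
        return ["session-keys" if "aws_session_token" in p else "long-lived-keys"]
    return ["none"]

def audit(config_text, credentials_text):
    profiles = load_profiles(config_text, credentials_text)
    return {name: classify(name, profiles) for name in profiles}
```

Profiles reported as `long-lived-keys` are the ones holding a permanent secret on disk; a chain ending in `sso` holds none in these two files.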

Slide 13

Slide 13 text

.aws/credentials .aws/config ? aws_access_key_id aws_secret_access_key config aws configure .aws/credentials

Slide 14

Slide 14 text

SSO MFA SSO Role Switch role

```
$ aws sso login --profile profile-custodian
```

Slide 15

Slide 15 text

~/.aws/config ! AWS config AWS

Slide 16

Slide 16 text

( ) v2 AWS CLI aws CLI v2 ! ! --cli-auto-prompt

```
❯ aws --cli-auto-prompt
> aws sso login --profile profile-custodian
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────
[ENTER] Autocomplete Choice/Execute Command [F1] Show Shortkey Help [F2] Focus on next panel [F3] Hide/Show Docs [F5] Hide/Show Output
```

Slide 17

Slide 17 text

Appendix https://docs.aws.amazon.com/ja_jp/cli/latest/userguide/cli-configure-files.html

Slide 18

Slide 18 text

END