.awsにあるファイルには何が書かれているのか

Transcript

1. .aws Yasuharu Sawada

2. .aws AWS SSO AWS

3. AWS ~/.aws ~/.aws/config ~/.aws/credentials ` ` $ ls ~/.aws/ cli

   config credentials sso ` ` ` `

4. ~/.aws/config ~/.aws/credentials ` ` $ cat ~/.aws/config [default] region =

   ap-northeast-1 [profile profile-custodian] region = ap-northeast-1 sso_start_url = https://a-0123456789.awsapps.com/start sso_region = ap-northeast-1 sso_account_id = 123456789012 sso_role_name = BaseRole output = json ... [profile other-profile] region = ap-northeast-1 sso_start_url = https://a-0123456789.awsapps.com/start sso_region = ap-northeast-1 sso_account_id = 123456789012 sso_role_name = OtherRole output = json ` ` $ cat ~/.aws/credentials [default] aws_access_key_id = AAAAAAAAAAAAAAAAAAAA aws_secret_access_key = *************** [other-profile] aws_access_key_id = BBBBBBBBBBBBBBBBBBBB aws_secret_access_key = *************** aws_session_token = ****

5. .aws/credentials

6. .aws/credentials AWS AWS aws_access_key_id , aws_secret_access_key , aws_session_token ` `

   ` ` ` ` [default] aws_access_key_id = AAAAAAAAAAAAAAAAAAAA aws_secret_access_key = *************** [other-credential] aws_access_key_id = BBBBBBBBBBBBBBBBBBBB aws_secret_access_key = *************** aws_session_token = ****

7. .aws/con g

8. .aws/con g AWS aws_access_key_id , aws_secret_access_key AWS credentials ` `

   ` `

9. [default] region = ap-northeast-1 [profile profile-custodian] region = ap-northeast-1 sso_start_url

   = https://a-0123456789.awsapps.com/start sso_region = ap-northeast-1 sso_account_id = 123456789012 sso_role_name = BaseRole output = json ... [profile profile-other] source_profile = profile-custodian role_arn = arn:aws:iam::123456789012:role/SampleRole

10. .aws/con g pro le AWS --profile sourece_profile role_arn Role switch

    Role ` ` $ aws s3 list → [default] $ aws s3 list --profile profile-other → [profile-other] ` ` ` `

11. Role source_profile role_arn SSO SSO aws_access_key_id aws_secret_access_key ` ` `

    ` ` ` ` ` [profile profile-custodian] region = ap-northeast-1 sso_start_url = https://a-0123456789.awsapps.com/start sso_region = ap-northeast-1 sso_account_id = 123456789012 sso_role_name = BaseRole output = json

12. Switch Role source_profile role_arn source_profile role_arn switch Role ` `

    ` ` ` ` ` ` [profile profile-other] source_profile = profile-custodian role_arn = arn:aws:iam::123456789012:role/SampleRole

13. .aws/credential .aws/con g ? aws_access_key_id aws_secret_access_key con g aws configure

    .aws/credential ` ` ` ` ` ` ` `

14. SSO MFA SSO Role Switch role $ aws sso login

    --profile profile-custodian

15. ~/.aws/config ! AWS con g AWS ` `

16. ( ) v2 AWS CLI aws CLI v2 ! !

    --cli-auto-prompt ` ` ❯ aws --cli-auto-prompt > aws sso login --profile profile-custodian ────────────────────────────────────────────────────────────────────────────────────────────────────────────────── [ENTER] Autocomplete Choice/Execute Command [F1] Show Shortkey Help [F2] Focus on next panel [F3] Hide/Sh ow Docs [F5] Hide/Show Output

17. Appendix https://docs.aws.amazon.com/ja_jp/cli/latest/userguide/cli-con gure- les.html

18. END