Upgrade to Pro — share decks privately, control downloads, hide ads and more …

.awsにあるファイルには何が書かれているのか

 .awsにあるファイルには何が書かれているのか

9225e855d5096915e696bda707e48220?s=128

Yasuharu Sawada

August 27, 2021
Tweet

Transcript

  1. .aws Yasuharu Sawada

  2. .aws AWS SSO AWS

  3. AWS ~/.aws ~/.aws/config ~/.aws/credentials ` ` $ ls ~/.aws/ cli

    config credentials sso ` ` ` `
  4. ~/.aws/config ~/.aws/credentials ` ` $ cat ~/.aws/config [default] region =

    ap-northeast-1 [profile profile-custodian] region = ap-northeast-1 sso_start_url = https://a-0123456789.awsapps.com/start sso_region = ap-northeast-1 sso_account_id = 123456789012 sso_role_name = BaseRole output = json ... [profile other-profile] region = ap-northeast-1 sso_start_url = https://a-0123456789.awsapps.com/start sso_region = ap-northeast-1 sso_account_id = 123456789012 sso_role_name = OtherRole output = json ` ` $ cat ~/.aws/credentials [default] aws_access_key_id = AAAAAAAAAAAAAAAAAAAA aws_secret_access_key = *************** [other-profile] aws_access_key_id = BBBBBBBBBBBBBBBBBBBB aws_secret_access_key = *************** aws_session_token = ****
  5. .aws/credentials

  6. .aws/credentials AWS AWS aws_access_key_id , aws_secret_access_key , aws_session_token ` `

    ` ` ` ` [default] aws_access_key_id = AAAAAAAAAAAAAAAAAAAA aws_secret_access_key = *************** [other-credential] aws_access_key_id = BBBBBBBBBBBBBBBBBBBB aws_secret_access_key = *************** aws_session_token = ****
  7. .aws/con g

  8. .aws/con g AWS aws_access_key_id , aws_secret_access_key AWS credentials ` `

    ` `
  9. [default] region = ap-northeast-1 [profile profile-custodian] region = ap-northeast-1 sso_start_url

    = https://a-0123456789.awsapps.com/start sso_region = ap-northeast-1 sso_account_id = 123456789012 sso_role_name = BaseRole output = json ... [profile profile-other] source_profile = profile-custodian role_arn = arn:aws:iam::123456789012:role/SampleRole
  10. .aws/con g pro le AWS --profile sourece_profile role_arn Role switch

    Role ` ` $ aws s3 list → [default] $ aws s3 list --profile profile-other → [profile-other] ` ` ` `
  11. Role source_profile role_arn SSO SSO aws_access_key_id aws_secret_access_key ` ` `

    ` ` ` ` ` [profile profile-custodian] region = ap-northeast-1 sso_start_url = https://a-0123456789.awsapps.com/start sso_region = ap-northeast-1 sso_account_id = 123456789012 sso_role_name = BaseRole output = json
  12. Switch Role source_profile role_arn source_profile role_arn switch Role ` `

    ` ` ` ` ` ` [profile profile-other] source_profile = profile-custodian role_arn = arn:aws:iam::123456789012:role/SampleRole
  13. .aws/credential .aws/con g ? aws_access_key_id aws_secret_access_key con g aws configure

    .aws/credential ` ` ` ` ` ` ` `
  14. SSO MFA SSO Role Switch role $ aws sso login

    --profile profile-custodian
  15. ~/.aws/config ! AWS con g AWS ` `

  16. ( ) v2 AWS CLI aws CLI v2 ! !

    --cli-auto-prompt ` ` ❯ aws --cli-auto-prompt > aws sso login --profile profile-custodian ────────────────────────────────────────────────────────────────────────────────────────────────────────────────── [ENTER] Autocomplete Choice/Execute Command [F1] Show Shortkey Help [F2] Focus on next panel [F3] Hide/Sh ow Docs [F5] Hide/Show Output
  17. Appendix https://docs.aws.amazon.com/ja_jp/cli/latest/userguide/cli-con gure- les.html

  18. END