Set-up of infrastructure for MHS.
This repository imports shared AWS helpers from prm-deductions-support-infra.
They can be found utils directory after running any task from tasks file.
In order to get sufficient access to work with terraform or AWS CLI:
Make sure to unset the AWS variables:
unset AWS_ACCESS_KEY_ID
unset AWS_SECRET_ACCESS_KEY
unset AWS_SESSION_TOKEN
As a note, the following set-up is based on the README of assume-role tool
Set up a profile for each role you would like to assume in ~/.aws/config, for example:
[profile default]
region = eu-west-2
output = json
[profile admin]
region = eu-west-2
role_arn = <role-arn>
mfa_serial = <mfa-arn>
source_profile = default
The source_profile needs to match your profile in ~/.aws/credentials.
[default]
aws_access_key_id = <your-aws-access-key-id>
aws_secret_access_key = <your-aws-secret-access-key>
brew install remind101/formulae/assume-role
Run the following command with the profile configured in your ~/.aws/config:
assume-role admin
Run the following command with the profile configured in your ~/.aws/config:
eval $(dojo "echo <mfa-code> | assume-role admin"
Run the following command to confirm the role was assumed correctly:
aws sts get-caller-identity
When creating the new ssm keys, please follow the agreed convention as per the design specified below:
- all parts of the keys are lower case
- the words are separated by dashes (
kebab case) envis optional
Please follow this design to ensure the ssm keys are easy to maintain and navigate through:
| Type | Design | Example |
|---|---|---|
| User-specified | /repo/<env>?/user-input/ |
/repo/${var.environment}/user-input/db-username |
| Auto-generated | /repo/<env>?/output/<name-of-git-repo>/ |
/repo/output/prm-deductions-base-infra/root-zone-id |