From f553c204b0779eebf2eabd6924baa7c3e0b07fcc Mon Sep 17 00:00:00 2001 From: Ric Featherstone Date: Thu, 9 Nov 2023 15:14:32 +0000 Subject: [PATCH] docs: update aws iam permissions doc --- docs/aws-iam-permissions.md | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/docs/aws-iam-permissions.md b/docs/aws-iam-permissions.md index 40ca659a..566408a9 100644 --- a/docs/aws-iam-permissions.md +++ b/docs/aws-iam-permissions.md @@ -106,10 +106,9 @@ Role ARN from the output. ## Using SSO -Terraform does not support SSO correctly until v1.6. +Terraform does not support SSO correctly until v1.6., you can however, export the required variables to make it work -In order to work with SSO, create two profiles one for sso, and one to assume the role you have created with the -required permissions; simulator-sso and simulator in the example below. +Create an SSO profile as usual ```shell [profile simulator-sso] @@ -119,17 +118,30 @@ sso_account_id = ... sso_role_name = ... region = ... output = ... +``` + +Then, before running a `simulator image` or `simulator infra` command, ensure you have the required environment +variables set by running the following. + +```shell +export AWS_REGION=... +aws sso login --profile simulator-sso +source <(aws configure export-credentials --format env) +``` +Alternatively, you can use an SSO profile to perform an STS Assume Role + +```shell [profile simulator] role_arn = arn:aws:iam:::role/simulator source_profile = simulator-sso ``` -Then, before running a `simulator image` or `simulator infra` command, ensure you have the required environment -variables set by running the following. +This time, ensure you login to your SSO profile, and then generate the STS credentials ```shell export AWS_REGION=... aws sso login --profile simulator-sso source <(aws configure export-credentials --profile simulator --format env) ``` +
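Review bot: In the first hunk (under "Using SSO"), the new opening sentence carries leftover punctuation, "v1.6., you can however,", which reads as two sentences merged without cleanup. Suggest "Terraform does not support SSO correctly until v1.6; you can, however, export the required variables to make it work." and ending "Create an SSO profile as usual" with a colon, since it introduces the profile block that follows.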
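Review bot: In the second hunk, the first added snippet runs `aws configure export-credentials --format env` without `--profile simulator-sso`, so after `aws sso login --profile simulator-sso` it exports credentials for the default profile (or whatever `AWS_PROFILE` points at) rather than the SSO profile that was just logged in to; the assume-role snippet further down does pass `--profile simulator`. Suggest `source <(aws configure export-credentials --profile simulator-sso --format env)` so the exported credentials are unambiguous. Separately, the `[profile simulator]` block is fenced as `shell` although it is AWS CLI config content rather than commands, and the text does not say it goes in the same config file as the `simulator-sso` profile that `source_profile` refers to.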