- Amazon Web Services (AWS)
- Google Cloud Project (GCP)
We created a 'devs' group with full admin access for each IAM user in the group. If you're working solo (professor?), just create a single account with full permissions.
- log in as root user to AWS console
- go to IAM (Identity and Access Management) - not IAM Identity Center
- click Users (left sidebar)
- click Create User (button)
- name yourself (`yourname_aws_tf`). don't touch anything else. click next
- add yourself to 'devs' user group. click next
- click Create User to finalize
- click on your newly created username
- go to 'Create access key' (top right ish of screen)
- FYI: Access Key docs
- FYI: Access Key best practices
- select use case: CLI, click through to next screen
- name description tag: localmachine (or something similar.. point is to identify it will be going on your computer)
- click Create Access Key to finalize
- Download .csv of your access key, keep in a safe place
- terminal: `$ which aws` to check for previous install (old & new installs don't get along) - install instructions
- import your access keys .csv into AWS CLI
- instructions
- csv import instructions don't work unless you manually add User Name column to front of csv as such: (or there are alt instructions at the linked page)

```
User Name,Access key ID,Secret access key
name_aws_tf,xxxxxxxxx,xxxxxxxxxxx
```
Now that you've added your credentials to AWS CLI, they should be in this file: `~/.aws/credentials`
If you already had multiple AWS credentials, they are all stored in this file, so if you peek inside, it might look something like this:
```
$ cat ~/.aws/credentials
[default]
aws_access_key_id = ...
aws_secret_access_key = ...
[yourname_aws_tf]
aws_access_key_id = ...
aws_secret_access_key = ...
```
Confirm that the credentials for your IAM User `yourname_aws_tf` are in this file.
Change the line in terraform.tfvars:
```tf
aws_iAM = "<yourname>_aws_tf"
aws_cred_file = "~/.aws/credentials"
```
You do not need to update `aws_cred_file` unless it is stored somewhere other than the default.
- click on the project tab
- select create new project
- name it and click create
- search for 'Cloud Resource Manager API'. enable it
Repeat for all devs
- go to google cloud console
- select project
- select service accounts under the iam and admin tab
- click create new service account
- for the service account name (`yourname_gcp_tf`) don't touch anything else. click create
- you will see the user created; click actions on that user
- from the dropdown click manage keys
- click add key then create key and choose json
- key will automatically download; keep in a safe place
- run gcloud authentication command `gcloud auth application-default login`; the command will prompt you to log in using a browser
- after authenticating in your browser it will return a credential file location, something like `Credentials saved to file: [/Users/<your user>/.config/gcloud/application_default_credentials.json]`
- change the line in terraform.tfvars: `gcp_cred_file = "/Users/<your_user>/.config/gcloud/application_default_credentials.json"`
- set the default working project: `gcloud config set project <project_id>`
- enable gcloud compute engine: `gcloud services enable compute.googleapis.com`
Update terraform.tfvars with YOUR information that we obtained during the setup process.
```tf
## Google Cloud variable definitions
gcp_region_name = "us-east1"
gcp_cred_file = "~/.config/gcloud/application_default_credentials.json"
gcp_project_id = "term-project-v2"
....
gcp_network_name = "project"
## AWS variable definitions
aws_region = "us-east-1"
aws_iAM = "annie_aws_tf"
aws_cred_file = "~/.aws/credentials"
....
```
Some recommend not committing this file to git so as not to expose secrets. In this project we do not add any secrets to this file. (Local file paths to credentials are not secrets.)
However, be aware of this if you choose to add more variables to this file.
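
One way to check terraform.tfvars before committing it, as an added example that is not part of this project's code: the script flags values that look like the key material created during setup (AWS access keys, private keys from a service account JSON) and leaves credential file paths alone. The variable names `aws_access_key` and `aws_secret_key` are hypothetical, the key values are AWS's documentation placeholders, and the patterns are heuristics.

```python
import re
import sys

# (label, pattern) pairs; all are heuristics applied to each quoted value.
PATTERNS = [
    ("AWS access key ID", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    # A value that is exactly 40 base64-style characters; paths never match.
    ("possible AWS secret access key", re.compile(r"\A[A-Za-z0-9/+=]{40}\Z")),
    ("private key material", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
]
ASSIGNMENT = re.compile(r'^([A-Za-z_][A-Za-z0-9_-]*)\s*=\s*"(.*)"$')

# Constructed sample: this page's variable names plus two hypothetical ones
# (aws_access_key, aws_secret_key) holding AWS's documentation placeholders.
SAMPLE = '''\
## AWS variable definitions
aws_region = "us-east-1"
aws_iAM = "yourname_aws_tf"
aws_cred_file = "~/.aws/credentials"
aws_access_key = "AKIAIOSFODNN7EXAMPLE"
aws_secret_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
gcp_cred_file = "~/.config/gcloud/application_default_credentials.json"
'''


def scan_tfvars(text):
    """Return (line_number, variable, label) for each value that looks like a secret."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank line or comment
        match = ASSIGNMENT.match(stripped)
        # Lines that are not simple string assignments are scanned whole.
        name, value = match.groups() if match else ("<unparsed>", stripped)
        for label, pattern in PATTERNS:
            if pattern.search(value):
                findings.append((number, name, label))
    return findings


if __name__ == "__main__":
    # With a path argument, scan that file; otherwise scan the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    results = scan_tfvars(text)
    for number, name, label in results:
        print(f"line {number}: {name}: {label}")
    sys.exit(1 if results else 0)
```

The script exits non-zero when anything is flagged, so it can be run against terraform.tfvars from a git pre-commit hook.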