
AWS Setup

This documentation is under review

1. Create the AWS account

The first thing you need to do is define the account credentials. Open 1password and create a new login item.

The username should be bot+{YOUR_PROJECT_NAME}@codeleap.co.uk. The emails will arrive in the inbox for bot@codeleap.co.uk (you can find the Gmail credentials in 1password). Generate a random, secure password.

Then, go to AWS's sign up page.

During the sign up process, you'll be asked for a few fields. Here's how to input the needed info:

TODO: Write this. I don't actually remember what AWS asks for

After this is done, you should have an AWS account with a root user.

On the AWS search bar, search for and navigate to IAM.

Set the account alias as described here to something that helps us identify this project.

Find the root account on the users list, and assign MFA credentials to the root account using 1password as described here.

2. Create a user for programmatic access

Go to the policies page via the sidebar, and then click Create Policy.

Set the editor to JSON and then paste in the policy from here.

NOTE: If you need to add other permissions

Click next, and name the policy pulumi-iac. Click next after reviewing.

Next, go to the users page via the sidebar, and then click Create User.

Set the user's name to pulumi. Don't provide them access to the console.

On the next page, click Attach policies directly, and search for the pulumi-iac policy you created earlier.

Click next, review, and then next again to create the user.

On the users list, find the pulumi user you just created. Go to the Security credentials tab and search for Access Keys. Create a new access key, and select Other when prompted for a reason.

Don't set a description tag, and click next. Download the access keys and store them in 1password.

3. Authenticate with the programmatic user locally

Ensure you have the AWS CLI installed before continuing.

Once it's working, run aws configure --profile {project-name}-iac in your shell.

When prompted for the access key ID and secret, enter the values from 1password.

For the default region, set it to eu-west-2. Set json as the default output format.

If the setup is successful, run this to confirm it's working:

aws sts get-caller-identity --profile {project-name}-iac

# The output should look something like this:
{
    "UserId": "AIDATINVGZDZAD22GUFQE",
    "Account": "224255199474",
    "Arn": "arn:aws:iam::224255199474:user/pulumi"
}
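The confirmation step above can also be scripted so that it fails when the profile resolves to the root user or to any identity other than the pulumi user. This is an added example, not part of the original guide; the function names are hypothetical, and it assumes the user was created without an IAM path, as in the console steps above.

```shell
#!/bin/sh
# Added example: verify that a CLI profile authenticates as the expected
# IAM user (default "pulumi") and never as the account root user.

# check_caller_arn ARN EXPECTED_USER
# Return codes: 0 ok, 1 malformed/non-IAM ARN, 2 root user, 3 wrong identity.
check_caller_arn() {
    cca_arn="$1"
    cca_user="$2"

    # Only IAM principals are accepted; arn:aws:sts::...:assumed-role/... fails here.
    case "$cca_arn" in
        arn:aws:iam::*:*) ;;
        *) echo "not an IAM ARN: $cca_arn" >&2; return 1 ;;
    esac

    cca_rest="${cca_arn#arn:aws:iam::}"   # "<account>:<resource>"
    cca_account="${cca_rest%%:*}"
    cca_resource="${cca_rest#*:}"

    # AWS account IDs are exactly 12 decimal digits.
    case "$cca_account" in
        ""|*[!0-9]*) echo "bad account id: $cca_account" >&2; return 1 ;;
    esac
    [ "${#cca_account}" -eq 12 ] || { echo "bad account id: $cca_account" >&2; return 1; }

    # Root credentials must never back a programmatic profile.
    if [ "$cca_resource" = "root" ]; then
        echo "profile is authenticated as the root user" >&2
        return 2
    fi

    [ "$cca_resource" = "user/$cca_user" ] || {
        echo "expected user/$cca_user, got $cca_resource" >&2
        return 3
    }
    return 0
}

# verify_profile PROFILE [EXPECTED_USER]
# Asks STS who the profile is, then applies the check above.
verify_profile() {
    vp_arn="$(aws sts get-caller-identity --profile "$1" \
        --query Arn --output text)" || return 4
    check_caller_arn "$vp_arn" "${2:-pulumi}"
}
```

Call it as verify_profile {project-name}-iac after running aws configure; a non-zero exit status means the profile should not be used for deployments.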

Congratulations, you're ready to start working with AWS.