From 858f3333daf0871a9a6f10b61813fb1db7604840 Mon Sep 17 00:00:00 2001 From: John McBride Date: Thu, 11 Aug 2022 21:01:25 +0000 Subject: [PATCH] Update BUILDING.md and PUBLISHING-AWS.md to mention need for aws creds Several commands referenced in the developer docs interact with AWS services; AMI, EKS, etc. In order to successfully publish AMIs via the quickstart, AWS creds must be setup. This patch updates both BUILDING.md and PUBLISHING-AWS.md to reflect the need to have this setup. Signed-off-by: John McBride --- BUILDING.md | 4 ++++ PUBLISHING-AWS.md | 5 +++++ 2 files changed, 9 insertions(+) diff --git a/BUILDING.md b/BUILDING.md index 466984248a1..2d3258eeae7 100644 --- a/BUILDING.md +++ b/BUILDING.md @@ -154,6 +154,10 @@ cargo make \ To use the image in Amazon EC2, we need to register the image as an AMI. +To do this, you'll need to have your AWS account credentials setup on your system. +There are lots of ways to do this; one method is using [the `aws` CLI](https://aws.amazon.com/cli/) via its `configure` command with your user's access and secret keys. +If you're using an EC2 instance, the [EC2 instance's IAM role](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html) will be used automatically if available. + For a simple start, pick an [EC2 region](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions), then run: ``` diff --git a/PUBLISHING-AWS.md b/PUBLISHING-AWS.md index a209cbee8e8..ced4397e957 100644 --- a/PUBLISHING-AWS.md +++ b/PUBLISHING-AWS.md @@ -12,6 +12,11 @@ You can also specify this in your `Infra.toml` file: regions = ["us-west-2", "us-east-1", "us-east-2"] ``` +Note: several commands work with AWS services, so there's some shared configuration related to AWS accounts and AWS IAM roles. +For example, you can specify a role to assume before any API calls are made, and a role to assume before any API calls in a specific region. +This can be useful if you want to use roles to control access to the accounts that own AMIs, for example. +See the commented [example Infra.toml](tools/pubsys/Infra.toml.example) for details. + If you specify multiple regions, an AMI will be registered in the first region and then copied to the other regions. After putting this in `Infra.toml`, you can make an AMI more easily: