This document describes the process of setting up credentials for your local AWS CLI. This will enable you to interact directly with our infrastructure using the CLI, as well as provision infrastructure using Pulumi.
As part of onboarding, you should be set up to access AWS via the SSO portal. Please ensure that you have set up and enabled MFA.
- Download the AWS CLI - see https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
- Run
aws configure sso- some of the required details can be found via the SSO portal in the 'Access keys' section:- e.g.
SSO start URLandSSO Regionare listed underAWS IAM Identity Center credentials (Recommended). SSO registration scopescan be left as the default (sso:account:access).
- e.g.
- Allow access from the authorisation page that should open in your browser.
- You should be prompted for more details in the terminal:
CLI default client regionshould beeu-west-2CLI default output formatshould bejson- For the
CLI profile namefield, please use the formatplanx-<STACK>, e.g.planx-staging
- Repeat for all environments (staging, production)
- Test! You should be able to call commands using the CLI, for example
aws sts get-caller-identity --profile planx-stagingand get the expected result.
Occasionally, you'll be prompted to refresh your credentials, this can be done via aws sso login --profile <PROFILE>