AWS IAM Authorization
You can access AWS by Web console or AWS CLI.
Authorization via Web Console
Authorization using AWS CLI
Then set up your AWS credentials in
~/.aws/credentials. This should be shared by all AWS accounts in the Organization.
[example] aws_access_key_id = XXXXXXXXXXXXXXXXXXXX aws_secret_access_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Following IAM Best Practices users have minimum permissions by default, but they can assume IAM Roles that provides wide access to AWS.
To config assume role access add AWS profile in
~/.aws/config. Make sure to change username to your own.
[profile example-staging-admin] region=us-west-2 role_arn=arn:aws:iam::XXXXXXXXXXXX:role/OrganizationAccountAccessRole mfa_serial=arn:aws:iam::XXXXXXXXXXXX:mfa/[email protected] source_profile=example
In provided example:
example - source profile name
example-staging-admin - name of profile with assumed role
role_arn - ARN of role to assume
mfa_serial - use MFA ARN
source_profile = name of credentials to use. specified in
We recommend authorizing with assumed role profile using AWS Vault. AWS vault is included in Geodesic Overview so you can use it in the geodesic shell