Reputation: 1111
How to configure AWS CLI in an elastic-beanstalk instance
I created an elastic-beanstalk configuration with eb init and deployed it with the eb create command. When I ssh to the instance, I can see that I have the AWS CLI installed.
What I'm trying to do is to configure the CLI with my access key ID and AWS secret access key with the eb create or init command, so that I don't have to SSH to the environment every time and do a manual configuration.
Is there a way to configure the CLI along with the environment deployment (on first boot)? I tried passing environment variables but that doesn't seem to do anything.
Thanks
Upvotes: 1
Views: 2031
Answers (2)
Reputation: 5338
TL;DR: For the love of goodness, use instance profiles! You will thank yourself later.
Upvotes: 1
Reputation: 18926
If you wish to use the AWS CLI installed on the EC2 instances which are part of your beanstalk environment, I would recommend depending on instance profile credentials instead of copy/pasting an access_key_id and secret_access_key.
Instance profiles are basically IAM roles that allow you to pass IAM roles to the instances on launch and the instances have credentials automatically available for use on the EC2 instances. Besides standard AWS tools like AWS CLI, AWS SDKs automatically use the instance profile credentials when available. You can find the precedence order that AWS CLI uses for finding credentials documented here.
You can pass an instance profile to your environment using the Option setting with namespace "aws:autoscaling:launchconfiguration" and option name "IamInstanceProfile". This is made easier with the console and eb cli. Since you are already using eb cli to create the environment, you would already be passing the instance profile for launching an environment. Typically the instance profile is named "aws-elasticbeanstalk-ec2-role" (the default name) but it could be named something else as well. Let me know if you are not able to find the instance profile for your environment.
Additionally you need to the update the IAM role associated with the necessary policies to provide the role access to the services you want to call using the AWS CLI. This page documents the minimum permissions required on your role for running elastic beanstalk. You can add more permissions if you need using the IAM console.
Lastly if you still want to pass the ACCESS_KEY and SECRET_KEY directly, then you can do so using environment variables defined in the AWS management console or through ebextensions and then run commands using ebextensions which copy these environment variables to ~/.aws/credentials which is one of the sources of credentials that the AWS CLI looks for as shown here. Let me know if you need help writing ebextensions. Documentation for ebextensions is available here and here.
I would highly recommend using instance profiles though.
Upvotes: 6
Related Questions
- AWS EB ( Elastic Beanstalk) CLI not working in the command line of git bash
- How to change the AWS account using the Elastic Beanstalk CLI
- SSH to Elastic Beanstalk instance
- How to use AWS CLI with Elastic Beanstalk?
- AWS Elastic BeanStalk SignatureDoesNotMatch
- How to connect to existing elastic beanstalk instance locally from cli?
- AWS cli elasticbeanstalk