DEV Community

Cover image for Building a Robust Web Platform on AWS: A Step-by-Step Journey Through AWS CLI and IAM Identity Center
Alex Pustovalov
Alex Pustovalov

Posted on

Building a Robust Web Platform on AWS: A Step-by-Step Journey Through AWS CLI and IAM Identity Center

This article continues the story of creating the Page Mosaic Web Platform project.

I have already created an account on the AWS platform. It's not difficult, everything is done quickly. However, before using CDK to create or configure anything on AWS, it's necessary to set up a user with administrative rights and programmatic access to resources.

This means that I don't want to use the root user on my AWS account for manipulating resources. I'm already experienced in this.

Therefore, I enabled IAM Identity Center on my AWS account. As far as I understand, this is a new mechanism for user management, and AWS recommends using it instead of managing IAM users individually.

First, I created a user in IAM Identity Center as described in the instruction at

Then, I added administrative rights to the permission set in my IAM Identity Center, following the instructions at

And finally, I linked the administrative rights to the user in my account, as outlined at

Now, I needed to check if I could connect to AWS from the command line because I would be running CDK scripts from there.

I installed AWS CLI on my MacBook, following the instructions at

Next, I needed to configure my user's access. First, I set up the user configuration on my local computer by running the command:

aws configure sso —profile [user name]
Enter fullscreen mode Exit fullscreen mode

I used the profile option to separate different user configurations on my computer.

Then I specified the session name, which the session token, issued for a certain duration when the user works with resources from the command line, would be linked to.

Next, I authorized on the website in the browser and completed the required forms. The terminal itself opened the browser, and I went through the authorization process.

  • Step 1:
    Image description

  • Step 2:
    Image description

  • Step 3:
    Image description

  • Step 4:
    Image description

  • Step 5:
    Image description

After successful authorization, I returned to the terminal window and specified the region the user would use and the default format.

Image description

After that, I could already execute commands like:

aws s3 ls --profile sitebud-admin
Enter fullscreen mode Exit fullscreen mode

In the next post, I will create the initial structure of the codebase of the platform project and add CDK scripts for deploying and configuring resources for a static website on AWS.

Top comments (0)