Alex Pustovalov

Building a Robust Web Platform on AWS: A Step-by-Step Journey Through AWS CLI and IAM Identity Center

This article continues the story of creating the Page Mosaic Web Platform project.

I have already created an account on the AWS platform. It's not difficult, everything is done quickly. However, before using CDK to create or configure anything on AWS, it's necessary to set up a user with administrative rights and programmatic access to resources.

This means that I don't want to use the root user on my AWS account for manipulating resources. I'm already experienced in this.

Therefore, I enabled IAM Identity Center on my AWS account. As far as I understand, this is a new mechanism for user management, and AWS recommends using it instead of managing IAM users individually.

First, I created a user in IAM Identity Center as described in the instruction at https://docs.aws.amazon.com/singlesignon/latest/userguide/get-started-use-identity-center-directory-create-user-in-identity-center.html.

Then, I added administrative rights to the permission set in my IAM Identity Center, following the instructions at https://docs.aws.amazon.com/singlesignon/latest/userguide/get-started-create-an-administrative-permission-set.html.

And finally, I linked the administrative rights to the user in my account, as outlined at https://docs.aws.amazon.com/singlesignon/latest/userguide/get-started-assign-account-access-admin-user.html.

Now, I needed to check if I could connect to AWS from the command line because I would be running CDK scripts from there.

I installed AWS CLI on my MacBook, following the instructions at https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html.

Next, I needed to configure my user's access. First, I set up the user configuration on my local computer by running the command:

aws configure sso --profile [user name]

I used the profile option to separate different user configurations on my computer.

Then I specified the session name, which the session token, issued for a certain duration when the user works with resources from the command line, would be linked to.

Next, I authorized on the website in the browser and completed the required forms. The terminal itself opened the browser, and I went through the authorization process.

After successful authorization, I returned to the terminal window and specified the region the user would use and the default format.

After that, I could already execute commands like:

aws s3 ls --profile sitebud-admin
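
What `aws configure sso` writes is a profile in `~/.aws/config` that points at an `sso-session` block, with no long-lived keys stored in it. The following added example (not from the original post) parses such a file and flags profiles that still hold static access keys or reference a missing session; the sample config, session name and verdict labels are constructed for illustration.

```bash
# Added example: report how each profile in an AWS CLI config file authenticates.
# Verdict labels (sso, sso-legacy, sso-broken, static-keys, other) are this example's own.
audit_profiles() {  # usage: audit_profiles FILE   ("-" reads stdin)
  awk '
    /^[ \t]*[#;]/ { next }                      # skip comment lines
    /^[ \t]*\[/ {                               # [default], [profile X], [sso-session Y]
      hdr = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", hdr)
      if (hdr ~ /^sso-session[ \t]+/) { sub(/^sso-session[ \t]+/, "", hdr); sessions[hdr] = 1; cur = "" }
      else { sub(/^profile[ \t]+/, "", hdr); cur = hdr; order[++n] = cur }
      next
    }
    cur != "" && /=/ {                          # key = value inside a profile section
      key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
      val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
      if (key ~ /^aws_(access_key_id|secret_access_key)$/) keys[cur] = 1
      if (key == "sso_session")    sess[cur] = val
      if (key == "sso_start_url")  legacy[cur] = 1
      if (key == "sso_account_id") acct[cur] = 1
      if (key == "sso_role_name")  role[cur] = 1
    }
    END {
      for (i = 1; i <= n; i++) {
        p = order[i]
        if (p in keys) v = "static-keys"        # long-lived secret stored on disk
        else if ((p in acct) && (p in role) && (p in sess) && (sess[p] in sessions)) v = "sso"
        else if ((p in acct) && (p in role) && (p in legacy)) v = "sso-legacy"
        else if (p in sess) v = "sso-broken"    # incomplete profile or dangling sso_session
        else v = "other"
        print p, v
      }
    }' "$1"
}

sample_config() { cat <<'EOF'
[profile sitebud-admin]
sso_session = my-session
sso_account_id = 111122223333
sso_role_name = AdministratorAccess
region = us-east-1
[sso-session my-session]
sso_start_url = https://example.awsapps.com/start
sso_region = us-east-1
[profile old-ci]
aws_access_key_id = EXAMPLE-KEY-ID
[profile typo]
sso_session = no-such-session
EOF
}
sample_config | audit_profiles -   # constructed input; pass ~/.aws/config to check a real file
```

Static keys can also live in `~/.aws/credentials`, which uses bare `[name]` section headers, so the same function can be pointed at that file as well.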

In the next post, I will create the initial structure of the codebase of the platform project and add CDK scripts for deploying and configuring resources for a static website on AWS.
