The easiest way to provide credentials when running Takomo on your local computer is to configure a profile in the ~/.aws/credentials file and then either export the profile name in the AWS_PROFILE environment variable or pass it with the --profile command-line option.
Configure a profile in the ~/.aws/credentials file:
~/.aws/credentials
[my-profile]
aws_access_key_id=<YOUR ACCESS KEY ID>
aws_secret_access_key=<YOUR SECRET ACCESS KEY>
You can then provide the profile in an environment variable:
AWS_PROFILE=my-profile tkm stacks deploy
Or, you can use the --profile command-line option:
tkm stacks deploy --profile my-profile
If you have an IAM user in one account that you use to assume roles from the same or other accounts, you can configure the access keys for the user in the credentials file and then create separate profiles for each of the roles.
Configure a profile and roles in the credentials file.
~/.aws/credentials
[manager]
aws_access_key_id=<YOUR ACCESS KEY ID>
aws_secret_access_key=<YOUR SECRET ACCESS KEY>
[account-a-admin]
role_arn=arn:aws:iam::123456789012:role/admin
source_profile=manager
[account-b-readonly]
role_arn=arn:aws:iam::210987654321:role/readonly
source_profile=manager
Now, when you run a command with the account-a-admin profile, the AWS SDK uses the access keys configured for the manager profile to assume the arn:aws:iam::123456789012:role/admin IAM role referenced by the account-a-admin profile.
tkm stacks deploy --profile account-a-admin
You can specify in an IAM role's trust policy that the user must provide an MFA token to assume it. Then, to assume the role, you need to configure your IAM user's MFA device with the mfa_serial property in the role's profile like so:
~/.aws/credentials
[manager]
aws_access_key_id=<YOUR ACCESS KEY ID>
aws_secret_access_key=<YOUR SECRET ACCESS KEY>
[account-a-admin]
role_arn=arn:aws:iam::123456789012:role/admin
source_profile=manager
mfa_serial=arn:aws:iam::224466880011:mfa/username
When you run a command, Takomo will ask you for the MFA code.
tkm stacks deploy --profile account-a-admin
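A small audit of a credentials file laid out as above, as an added example that is not part of Takomo or the original page: it reports role profiles whose source_profile chain does not end in a profile with access keys, role profiles without mfa_serial, and profiles holding static keys. The function name audit_profiles, the orphan profile and the key values are constructed for illustration.

```python
import configparser

# Constructed sample mirroring the profiles on this page (placeholder keys).
SAMPLE = """\
[manager]
aws_access_key_id=AKIAEXAMPLEEXAMPLE00
aws_secret_access_key=constructed-placeholder-secret
[account-a-admin]
role_arn=arn:aws:iam::123456789012:role/admin
source_profile=manager
mfa_serial=arn:aws:iam::224466880011:mfa/username
[account-b-readonly]
role_arn=arn:aws:iam::210987654321:role/readonly
source_profile=manager
[orphan]
role_arn=arn:aws:iam::123456789012:role/admin
source_profile=missing
"""

def audit_profiles(text):
    """Return a sorted list of (profile, finding) for a credentials file body."""
    cfg = configparser.ConfigParser(interpolation=None)  # secrets may contain '%'
    cfg.read_string(text)
    findings = []
    for name in cfg.sections():
        prof = cfg[name]
        if "role_arn" not in prof:
            # Keys without a session token are long-term IAM user keys.
            if "aws_access_key_id" in prof and "aws_session_token" not in prof:
                findings.append((name, "static access key (no session token)"))
            continue
        # Assumes role profiles use source_profile, as on this page.
        # Follow the chain until a profile that holds access keys is reached.
        seen, cur = {name}, prof.get("source_profile")
        while cur in cfg and cur not in seen and "aws_access_key_id" not in cfg[cur]:
            seen.add(cur)
            cur = cfg[cur].get("source_profile")
        if cur is None or cur not in cfg or cur in seen:
            findings.append((name, f"source_profile chain broken at {cur!r}"))
        if "mfa_serial" not in prof:
            findings.append((name, "role assumed without mfa_serial"))
    return sorted(findings)

if __name__ == "__main__":
    for profile, finding in audit_profiles(SAMPLE):
        print(f"{profile}: {finding}")
```

To check a real file, pass the contents of ~/.aws/credentials to audit_profiles instead of SAMPLE.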