Generate an AWS profile from the current environment
Generate an AWS profile from the current environment for the ephemeral bootstrap cluster.
The utility will attempt to find credentials in the following order:
- Check for the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables.
- Read the default credentials from the shared configuration files ~/.aws/credentials or the default profile in ~/.aws/config.
- Check for the presence of an EC2 IAM instance profile if it’s running on AWS.
- Check for ECS credentials.
IAM role assumption can be performed by using any valid configuration for the AWS CLI at: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html. For role assumption to be used, a region is required for the utility to use the AWS Security Token Service (STS). The utility resolves the region in the following order:
- Check for the --region flag.
- Check for the AWS_REGION environment variable.
- Check for the DEFAULT_AWS_REGION environment variable.
- Check that a region is specified in the shared configuration file.
The utility will then generate an ini-file with a default profile corresponding to the resolved credentials.
If a region cannot be found, for the purposes of using AWS Security Token Service, this utility will fall back to us-east-1. This does not affect the region in which clusters will be created.
In the case of an instance profile or role assumption, note that encoded credentials are time-limited.
clusterawsadm bootstrap credentials encode-as-profile [flags]
# Encode credentials from the environment for use with clusterctl export AWS_B64ENCODED_CREDENTIALS=$(clusterawsadm bootstrap credentials encode-as-profile) clusterctl init --infrastructure aws
-h, --help help for encode-as-profile --output string Output for credential configuration (rawSharedConfig, base64SharedConfig) (default "base64SharedConfig") --region string The AWS region in which to provision
-v, --v int Set the log level verbosity. (default 2)
- clusterawsadm bootstrap credentials - Encode credentials to use with Kubernetes Cluster API Provider AWS