
Dev

# Create the IAM user "dev"; the later steps let this user assume the
# "developer" role.
aws iam create-user \
  --user-name dev
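# Write the permissions policy that will be attached to the developer role.
# The here-document must span several lines with EOF alone on the last one;
# the delimiter is quoted because nothing in the JSON needs shell expansion.
#
# NOTE(review): "eks:*" on Resource "*" allows every EKS action on every
# cluster in the account, including cluster-level write actions such as
# deleting a cluster or changing who has access to it. Fetching a kubeconfig
# with `aws eks update-kubeconfig` only needs eks:DescribeCluster, so narrow
# Action and Resource before using this outside a lab.
# NOTE(review): iam:PassRole is limited to eks.amazonaws.com by the condition
# but still covers every role ("Resource": "*"); list the role ARNs if known.
cat <<'EOF' > dev-role-policy.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "eks:*"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "iam:PassRole",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "iam:PassedToService": "eks.amazonaws.com"
        }
      }
    }
  ]
}
EOF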
# Create the managed policy from dev-role-policy.json and capture its ARN,
# which the attach-role-policy step needs.
POLICY_ARN=$(
  aws iam create-policy \
    --policy-name dev-policy \
    --policy-document file://dev-role-policy.json \
    --query "Policy.Arn" \
    --output text
)
# Look up the account ID of the current credentials; it is used to build the
# principal ARNs in the role's trust policy.
ACCOUNT_ID=$(
  aws sts get-caller-identity \
    --query "Account" \
    --output text
)
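# Write the trust policy for the developer role.
# The delimiter is left unquoted on purpose so ${ACCOUNT_ID} is expanded;
# ACCOUNT_ID must already be set, otherwise the ARNs below are malformed.
#
# The role can be assumed by exactly two principals: the IAM user "dev" and
# the role "wsi-control-plane-role". Whoever holds the dev user's long-term
# access key can therefore obtain the developer role's permissions, so that
# key needs the same protection as the role itself.
cat <<EOF > dev-assume-role.json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::${ACCOUNT_ID}:user/dev",
          "arn:aws:iam::${ACCOUNT_ID}:role/wsi-control-plane-role"
        ]
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF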
# Create the "developer" role with the trust policy from dev-assume-role.json
# and capture the role ARN for the assume-role and identity-mapping steps.
ROLE_ARN=$(
  aws iam create-role \
    --role-name developer \
    --assume-role-policy-document file://dev-assume-role.json \
    --query "Role.Arn" \
    --output text
)
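# Attach dev-policy to the developer role.
# POLICY_ARN is quoted so an empty or unexpected value cannot be word-split
# into extra arguments.
aws iam attach-role-policy \
  --role-name developer \
  --policy-arn "${POLICY_ARN}"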
# Issue a long-term access key for the dev user.
# The SecretAccessKey is returned only in this response, so record it now.
# Example output (key values replaced with placeholders; a real key pair that
# has been pasted into a page or chat should be deactivated and re-issued):
# {
#   "AccessKey": {
#     "UserName": "dev",
#     "AccessKeyId": "<ACCESS_KEY_ID>",
#     "Status": "Active",
#     "SecretAccessKey": "<SECRET_ACCESS_KEY>",
#     "CreateDate": "2024-07-12T05:07:17+00:00"
#   }
# }
aws iam create-access-key \
  --user-name dev
# Store the dev user's access key pair in a named CLI profile called "dev".
# The command prompts interactively, so the secret is typed at the prompt
# rather than passed on the command line.
aws configure --profile dev
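# Assume the developer role as the dev user and print temporary credentials.
# ROLE_ARN is quoted so an empty or unexpected value cannot be word-split.
# The returned credentials are valid until "Expiration" and are bearer
# secrets for that period.
# Example output (credential values replaced with placeholders):
# {
#   "Credentials": {
#     "AccessKeyId": "<TEMP_ACCESS_KEY_ID>",
#     "SecretAccessKey": "<TEMP_SECRET_ACCESS_KEY>",
#     "SessionToken": "<SESSION_TOKEN>",
#     "Expiration": "2024-07-12T06:08:09+00:00"
#   },
#   "AssumedRoleUser": {
#     "AssumedRoleId": "AROA2M55O2MC57PDPZZMT:dev-session",
#     "Arn": "arn:aws:sts::714972517125:assumed-role/developer/dev-session"
#   }
# }
aws sts assume-role \
  --role-arn "${ROLE_ARN}" \
  --role-session-name dev-session \
  --profile dev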
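# dev-rbac.yaml
# Role: read and delete pods in the "skills" namespace, nothing else.
# The rule names the core API group and the "pods" resource explicitly;
# wildcard apiGroups/resources would also allow reading Secrets and deleting
# every other object kind in the namespace.
# "describe" is a kubectl command, not an API verb (it is served by get/list),
# so it is not listed. Add "pods/log" to resources if log access is required.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: dev-role
  namespace: skills
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["list", "get", "watch", "delete", "deletecollection"]
---
# RoleBinding: grants dev-role to the Kubernetes group "dev" in "skills".
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: dev-rolebinding
  namespace: skills
subjects:
  - kind: Group
    name: dev
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: dev-role
  apiGroup: rbac.authorization.k8s.io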
# Create or update the Role and RoleBinding defined in dev-rbac.yaml.
kubectl apply --filename dev-rbac.yaml
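# Map the developer IAM role to Kubernetes user "dev" in group "dev" on
# wsi-cluster; the group name must match the RoleBinding subject.
# ROLE_ARN is quoted so an empty or unexpected value cannot be word-split.
eksctl create iamidentitymapping \
  --cluster wsi-cluster \
  --arn "${ROLE_ARN}" \
  --group dev \
  --username dev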
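# Resolve the private IP of the instance tagged Name=wsi-control-plane.
# Uses the documented option name --filters and restricts the match to
# running instances, so a terminated instance that still carries the tag
# cannot add a second or empty value to the result.
CONTROL_PLANE_PRIVATE_IP=$(
  aws ec2 describe-instances \
    --filters \
      "Name=tag:Name,Values=wsi-control-plane" \
      "Name=instance-state-name,Values=running" \
    --query "Reservations[].Instances[].PrivateIpAddress" \
    --output text
)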
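# Log in to the control-plane host as "dev" on the non-default SSH port 3817.
# The destination is quoted so an empty or multi-valued
# CONTROL_PLANE_PRIVATE_IP cannot be split into extra ssh arguments.
ssh -p 3817 "dev@${CONTROL_PLANE_PRIVATE_IP}"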
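# On the control-plane host: store the temporary credentials returned by
# `aws sts assume-role` in the default profile. Only `aws configure` is the
# command; the lines below are its interactive prompts and what to enter.
#   AWS Access Key ID [None]: <dev Assume Access key>
#   AWS Secret Access Key [None]: <dev Assume Secret Access key>
#   Default region name [None]: ap-northeast-2
#   Default output format [None]: json
aws configure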
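# `aws configure` does not prompt for the session token, and temporary
# credentials are rejected without it. Open the credentials file and add this
# line under the [default] section:
#   aws_session_token = <dev Assume SessionToken>
# (aws_security_token is the legacy name for the same setting.)
# The file holds live credentials; keep it readable by its owner only.
vim ~/.aws/credentials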
# Confirm that the CLI is now acting as the assumed developer role rather
# than the dev user: the Arn should be an assumed-role ARN.
# Example output:
# {
#   "UserId": "AROA2M55O2MC57PDPZZMT:dev-session",
#   "Account": "714972517125",
#   "Arn": "arn:aws:sts::714972517125:assumed-role/developer/dev-session"
# }
aws sts get-caller-identity
# Write a kubeconfig entry for wsi-cluster using the current (assumed-role)
# credentials, so kubectl authenticates as the mapped "dev" identity.
aws eks update-kubeconfig \
  --region ap-northeast-2 \
  --name wsi-cluster
skills namespace의 파드 조회 및 삭제만 가능