Ensure you have access to an AWS account, and a set of credentials with Administrator permissions. Note: In a production environment we would recommend locking permissions down to the bare minimum needed to operate the pipeline.
Log into the AWS Management Console and search for Cloud9 services in the search bar. Click Cloud9 and create an AWS Cloud9 environment in the us-east-2 region based on Amazon Linux 2. You can provide a environment name of workshop-environment for name and select the instance type as t2.micro or t3.micro.
Launch the AWS Cloud9 IDE. Close the Welcome tab and open a new Terminal tab.
Disable Cloud9 temporary credentials, and create and attach an IAM role for your Cloud9 instance so that you can deploy using AWS CDK for initial setup.
- Follow this deep link to create an IAM role with Administrator access.
- Confirm that AWS service and EC2 are selected, then click Next to view permissions.
- Confirm that AdministratorAccess is checked, then click Next: Tags to assign tags.
- Take the defaults, and click Next: Review to review.
- Enter workshop-admin for the Name, and click Create role.
- Follow this deep link to find your Cloud9 EC2 instance
- Select the instance, then choose Actions / Security / Modify IAM Role. Note: If you cannot find this menu option, then look under Actions / Instance Settings / Modify IAM Role instead.
- Choose workshop-admin from the IAM Role drop down, and select Save
- Return to your Cloud9 workspace and click the gear icon (in top right corner), or click to open a new tab and choose "Open Preferences"
- Select AWS SETTINGS
- Turn off AWS managed temporary credentials
- Close the Preferences tab
- In the Cloud9 terminal pane, execute the command:
rm -vf ${HOME}/.aws/credentials - As a final check, use the GetCallerIdentity CLI command to validate that the Cloud9 IDE is using the correct IAM role.
aws sts get-caller-identity --query Arn | grep workshop-admin -q && echo "IAM role valid" || echo "IAM role NOT valid"
