Skip to content

msokolov93/Cloud9-Setup

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
README.md
README.md
 
 
Screenshot 2022-11-27 150807.png
Screenshot 2022-11-27 150807.png
 
 
git_ssh.sh
git_ssh.sh
 
 

Repository files navigation

cloud9setup

Step 1: Setting up Git with SSH access

Run this script:

ssh-keygen -t rsa -b 4096 -C "[email protected]" -P "" -f "/home/ec2-user/.ssh/id_rsa" -q  
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_rsa
cat /home/ec2-user/.ssh/id_rsa.pub

In Github:

Settings -> SSH and GPG keys -> New SSH key -> add output from step 1 -< Add SSH key

screenshot

To test access type:

ssh -T [email protected]

or

git clone [email protected]:msokolov93/cloud9setup.git

Step 2: Configure Secure Access for Cloud9

Create IAM entities

Create IAM role for Cloud9 with required presmissions and write down role arn

Example: arn:aws:iam::112233445566:role/Cloud9AdminRole

Create IAM Policy to further assume this role

Example: Cloud9AssumeRolePolicy

Add your role ARN accordingly

{
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Allow",
        "Action": "sts:AssumeRole",
        "Resource": "arn:aws:iam::112233445566:role/Cloud9AdminRole"
    }
}

Attach policy to IAM Role that you will store keys for

Example: MyUser

Attach Cloud9AssumeRolePolicy to MyUser

Create a new keypair or write down existing Access key ID and Secret access key

Authorize CLI environment with created keypair from MyUser

export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

verify MyUser login is successful by running command:

aws sts get-caller-identity

For the next step jq is required:

sudo yum install jq

To Authorize CLI run command with required Cloud9 Role ARN:

OUT=$(aws sts assume-role --role-arn arn:aws:iam::112233445566:role/Cloud9AdminRole --role-session-name MySessionName);\
export AWS_ACCESS_KEY_ID=$(echo $OUT | jq -r '.Credentials''.AccessKeyId');\
export AWS_SECRET_ACCESS_KEY=$(echo $OUT | jq -r '.Credentials''.SecretAccessKey');\
export AWS_SESSION_TOKEN=$(echo $OUT | jq -r '.Credentials''.SessionToken');

After consecutive logins run command to clear session:

unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN AWS_SECURITY_TOKEN

To verify Cloud9AdminRole is used, type:

aws sts get-caller-identity

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages