Steps to configure a new laptop (Mac/Windows) to access AWS via terminal/command prompt
Install aws-cli version 2 using brew
$ brew install awscli
This will create a hidden ~/.aws inside your ~ (/Users/farhansaeed) dir
with an empty config file to carry profiles.
OR install aws-shell, which comes with command completion.
We can use either of the two. However, I have installed both for learning.
Install aws-vault from brew cask
$ brew cask install aws-vault
# https://docs.cloudposse.com/tools/aws-vault/
# https://github.com/99designs/aws-vault
Check the installation and the symlink to the actual binary file
Installation will install it in usr/l
$ brew cask info aws-vault
aws-vault: 5.3.2
https://github.com/99designs/aws-vault
/usr/local/Caskroom/aws-vault/5.3.2 (14.8MB)
From: https://github.com/Homebrew/homebrew-cask/blob/master/Casks/aws-vault.rb
==> Name
aws-vault
==> Artifacts
aws-vault (Binary)
OR
$ brew cask list aws-vault
will show the symlink pointing to the actual installation location, which is the Caskroom.
/usr/local/bin/aws-vault -> /usr/local/Caskroom/aws-vault/5.3.2/aws-vault
Configuration of credentials
Make sure you have an account in AWS IAM along with your access key and secret key,
and that MFA is also configured on your mobile device.
Create your profile inside the config file for aws-vault to read profiles from.
vi ~/.aws/config
Sample config
[default]
# The default profile gets applied to all profiles automatically. Don't have to source_profile it inside other profiles.
region = ap-southeast-2
[profile farhan]
#region = ap-southeast-2
role_arn = arn:aws:iam::674486510127:role/admin-sudo
mfa_serial = arn:aws:iam::674486510127:mfa/farhan
NOTE: I have applied admin-sudo role to myself.
admin-sudo role has already been created in aws management console.
Instead of storing the access_key_id and secret key in the shared credentials file inside the ~/.aws folder,
we will use aws-vault for that.
Run the command to securely store your credentials in the macOS keychain or Windows Credential Manager.
# store credentials for the "farhan" profile.
$ aws-vault add farhan
Enter Access Key Id: ABDCDEFDASDASF
Enter Secret Key: %%%
The first time, aws-vault will create an aws-vault db file at
~/Library/Keychains/ named aws-vault.keychain-db
A keychain app popup will open to set a password for your newly created aws-vault db file.
In order to view this file in your macOS Keychain app, do the following
https://github.com/99designs/aws-vault/issues/444
Open Keychain Access.app
File > Add Keychain, or Option+Click in the list of keychains and pick Add Keychain
Navigate to ~/Library/Keychains/ and pick aws-vault.keychain-db
You should be able to see it in the list of keychains on the left now
Now, in order to log in to the AWS management console with user farhan assuming role admin-sudo
$ aws-vault login farhan
A keychain popup will ask for the keychain password to access the keys for profile farhan.
Then it will ask you to enter the MFA code from your configured mobile device.
Finally
This will log you in as admin-sudo and the browser will open in the AWS management console.
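
A check for the two points made in the configuration steps above (role profiles carry mfa_serial, and no access keys sit in plaintext under ~/.aws), as an added example that is not part of the original notes or of aws-vault. The sample file contents, account ID and key are constructed placeholders, and audit() is a hypothetical helper name.

```python
import configparser
from pathlib import Path

# Constructed sample files (placeholder account ID and key, not real values).
SAMPLE_CONFIG = """\
[default]
region = ap-southeast-2
[profile farhan]
role_arn = arn:aws:iam::123456789012:role/admin-sudo
mfa_serial = arn:aws:iam::123456789012:mfa/farhan
[profile ci]
role_arn = arn:aws:iam::123456789012:role/deploy
"""
SAMPLE_CREDENTIALS = """\
[legacy]
aws_access_key_id = AKIAEXAMPLEEXAMPLE00
aws_secret_access_key = constructed%not%a%real%secret
"""
KEY_FIELDS = ("aws_access_key_id", "aws_secret_access_key")

def _parse(text):
    # interpolation=None: secrets may contain '%', which configparser would
    # otherwise treat as interpolation syntax. strict=False tolerates
    # duplicated sections in hand-edited files.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    return parser

def audit(config_text, credentials_text=""):
    """Return sorted (profile, finding) tuples for the two files' contents."""
    findings = set()
    for source, text in (("config", config_text), ("credentials", credentials_text)):
        parser = _parse(text)
        for section in parser.sections():
            name = section[8:] if section.startswith("profile ") else section
            fields = parser[section]
            if any(key in fields for key in KEY_FIELDS):
                findings.add((name, f"plaintext key material in {source} file"))
            # Assumption: only the profile's own settings are checked; values
            # pulled in via source_profile/include_profile are not followed.
            if "role_arn" in fields and "mfa_serial" not in fields:
                findings.add((name, "role_arn without mfa_serial"))
    return sorted(findings)

def _read(path):
    return path.read_text() if path.is_file() else ""

if __name__ == "__main__":
    aws_dir = Path.home() / ".aws"
    for profile, finding in audit(_read(aws_dir / "config"), _read(aws_dir / "credentials")):
        print(f"{profile}: {finding}")
```

Run directly, it audits the real ~/.aws/config and ~/.aws/credentials; with the setup in these notes it should print nothing.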