Last active
September 24, 2019 21:21
-
-
Save oskapt/6c7bec1d3447a190377fe4fb71514ab8 to your computer and use it in GitHub Desktop.
Velero AWS Setup Script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Set BUCKET and REGION before continuing. If you want to use a | |
| # different IAM user name or if you use a different AWS profile | |
| # for connecting, you can set those as well. | |
| BUCKET= | |
| REGION= | |
| VELERO_USER=velero | |
| AWS_PROFILE=default | |
| if [[ -z ${BUCKET} || -z ${REGION} ]]; then | |
| echo "Please set \$BUCKET and \$REGION at the top of the script." | |
| exit 1 | |
| fi | |
| echo "Creating bucket ${BUCKET}" | |
| if [[ ${REGION} -eq "us-east-1" ]]; then | |
| aws --profile ${PROFILE} s3api create-bucket \ | |
| --bucket ${BUCKET} \ | |
| --region ${REGION} | |
| else | |
| aws --profile ${PROFILE} s3api create-bucket \ | |
| --bucket ${BUCKET} \ | |
| --region ${REGION} \ | |
| --create-bucket-configuration LocationConstraint=${REGION} | |
| fi | |
| echo "Creating IAM user ${VELERO_USER}" | |
| aws --profile ${PROFILE} iam create-user --user-name ${VELERO_USER} | |
| cat > velero-policy.json <<EOF | |
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Action": [ | |
| "ec2:DescribeVolumes", | |
| "ec2:DescribeSnapshots", | |
| "ec2:CreateTags", | |
| "ec2:CreateVolume", | |
| "ec2:CreateSnapshot", | |
| "ec2:DeleteSnapshot" | |
| ], | |
| "Resource": "*" | |
| }, | |
| { | |
| "Effect": "Allow", | |
| "Action": [ | |
| "s3:GetObject", | |
| "s3:DeleteObject", | |
| "s3:PutObject", | |
| "s3:AbortMultipartUpload", | |
| "s3:ListMultipartUploadParts" | |
| ], | |
| "Resource": [ | |
| "arn:aws --profile ${PROFILE}:s3:::${BUCKET}/*" | |
| ] | |
| }, | |
| { | |
| "Effect": "Allow", | |
| "Action": [ | |
| "s3:ListBucket" | |
| ], | |
| "Resource": [ | |
| "arn:aws --profile ${PROFILE}:s3:::${BUCKET}" | |
| ] | |
| } | |
| ] | |
| } | |
| EOF | |
| echo "Creating IAM Profile for ${VELERO_USER}" | |
| aws --profile ${PROFILE} iam put-user-policy \ | |
| --user-name ${VELERO_USER} \ | |
| --policy-name ${VELERO_USER} \ | |
| --policy-document file://velero-policy.json | |
| rm velero-policy.json | |
| echo "Please create credentials-velero with the access credentials before continuing." | |
| echo "See https://velero.io/docs/v1.1.0/aws-config/ for more information." |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment