Created
November 11, 2021 06:53
CDK Deploy on EC2 instance with temporary credentials
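#!/bin/bash
#
# Installs the AWS CLI v2, Node.js/npm and the AWS CDK on macOS (uses
# `installer`), then bootstraps the CDK toolkit in an AWS account.
#
# On an EC2 instance the AWS CLI is pointed at the instance role through
# instance metadata; anywhere else the user is prompted for access keys via
# `aws configure` and a policy is created and attached to their IAM user.
#
# Optional environment:
#   VERSION      Node.js version as it appears in node-<VERSION>.pkg; defaults
#                to the .pkg listed under https://nodejs.org/dist/latest/.
#   CDK_VERSION  aws-cdk version to pin; defaults to whatever npm resolves.
#   role_name    Instance role name; defaults to the one reported by IMDS.
#
# Expected in the working directory:
#   bootstrap-template.yaml (EC2 path), required-policies.json (non-EC2 path)
#
# Any failing step aborts the script, so a "completed" message is only printed
# after the step really succeeded. Re-running after a partial run stops at the
# first resource that already exists.

set -euo pipefail

readonly IMDS_BASE="http://169.254.169.254"

die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# `echo "\n"` prints a literal backslash-n under bash; emit a real blank line.
blank() {
  printf '\n'
}

# Refuses to continue when macOS does not accept the package signature.
# This only shows that the package is signed by a certificate macOS trusts;
# the signer printed by pkgutil is what identifies the publisher.
# NOTE(review): confirm pkgutil exits non-zero for unsigned packages on the
# macOS versions you support.
verify_pkg() {
  local pkg=$1
  pkgutil --check-signature "$pkg" \
    || die "signature check failed for ${pkg}; not installing"
}

# Fetches one instance-metadata path, with the IMDSv2 session token when one
# was obtained and as a plain IMDSv1 request otherwise.
imds_get() {
  local path=$1
  if [[ -n "$imds_token" ]]; then
    curl -fsS -m 5 -H "X-aws-ec2-metadata-token: ${imds_token}" \
      "${IMDS_BASE}/${path}"
  else
    curl -fsS -m 5 "${IMDS_BASE}/${path}"
  fi
}

# Packages are downloaded into a private temporary directory, not the current
# directory, because they are handed to `sudo installer` afterwards.
tmpdir=$(mktemp -d) || die "mktemp failed"
cleanup() {
  rm -rf -- "${tmpdir:?}"
}
trap cleanup EXIT

echo "** Hello! **"

echo "** Installing latest version of AWS CLI **"
# -f makes curl fail on an HTTP error instead of saving the error page as the
# package that is then installed as root.
curl -fsSL "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "${tmpdir}/AWSCLIV2.pkg"
verify_pkg "${tmpdir}/AWSCLIV2.pkg"
sudo installer -pkg "${tmpdir}/AWSCLIV2.pkg" -target /
echo "** AWS CLI installed **"
blank

echo "** Installing NPM and node.js **"
node_version=${VERSION:-}
if [[ -z "$node_version" ]]; then
  node_version=$(curl -fsSL https://nodejs.org/dist/latest/ \
    | sed -nE 's|.*>node-(.*)\.pkg</a>.*|\1|p')
fi
# The value is scraped from an HTML listing and placed into a URL, so accept
# only a plain version token.
[[ "$node_version" =~ ^[A-Za-z0-9._-]+$ ]] \
  || die "could not determine a Node.js version (got '${node_version}')"
curl -fsSL "https://nodejs.org/dist/latest/node-${node_version}.pkg" \
  -o "${tmpdir}/node-latest.pkg"
verify_pkg "${tmpdir}/node-latest.pkg"
sudo installer -store -pkg "${tmpdir}/node-latest.pkg" -target "/"
node --version
echo "** NPM and Node.js installed **"
blank

echo "** Installing AWS CDK **"
# An unpinned global install run as root takes whatever npm serves at that
# moment; set CDK_VERSION to make the install reproducible.
sudo npm install -g "aws-cdk${CDK_VERSION:+@${CDK_VERSION}}"
cdk --version
echo "** AWS CDK installed **"
blank

# Detect whether the script runs on an EC2 instance. An IMDSv2 session token
# is requested first so that instances which require tokens are still
# detected; without a token the requests fall back to IMDSv1.
imds_token=$(curl -fsS -m 5 -X PUT \
  -H "X-aws-ec2-metadata-token-ttl-seconds: 300" \
  "${IMDS_BASE}/latest/api/token" 2>/dev/null || true)
identity_doc=$(imds_get latest/dynamic/instance-identity/document 2>/dev/null || true)

if grep -q availabilityZone <<<"$identity_doc"; then
  echo "** Configuring with EC2 temporary credentials **"

  # Both values come from a network response and are written into the AWS
  # credentials file, so each is checked against the expected format first.
  accountNumber=$(sed -nE \
    's/.*"accountId"[[:space:]]*:[[:space:]]*"([0-9]+)".*/\1/p' \
    <<<"$identity_doc")
  [[ "$accountNumber" =~ ^[0-9]{12}$ ]] \
    || die "unexpected account id in instance identity document"

  # The original appended ${role_name} to the security-credentials URL; with
  # that variable set the endpoint returns the role's credential document
  # rather than a role name. Use the variable directly when it is set.
  roleName=${role_name:-}
  if [[ -z "$roleName" ]]; then
    roleName=$(imds_get latest/meta-data/iam/security-credentials/) \
      || die "no IAM role is attached to this instance"
    roleName=${roleName%%$'\n'*}
  fi
  [[ "$roleName" =~ ^[A-Za-z0-9+=,.@_-]+$ ]] \
    || die "unexpected IAM role name from instance metadata"

  umask 077
  mkdir -p "${HOME}/.aws"
  cred_file="${HOME}/.aws/credentials"
  # The heredoc below overwrites the file; keep a copy of anything already there.
  if [[ -f "$cred_file" ]]; then
    cp -p "$cred_file" "${cred_file}.bak"
  fi
  cat <<EOF >"$cred_file"
[default]
role_arn = arn:aws:iam::$accountNumber:role/$roleName
credential_source = Ec2InstanceMetadata
region = us-east-1
EOF
  chmod 600 "$cred_file"
  echo "** Credentials configured **"
  blank

  echo "** CDK Bootstrapping initiated in US-EAST-1 region **"
  [[ -f bootstrap-template.yaml ]] \
    || die "bootstrap-template.yaml not found in $(pwd)"
  # CAPABILITY_NAMED_IAM lets the template create named IAM resources; the
  # template is a local file, so review it before running this step.
  aws cloudformation create-stack --region us-east-1 --stack-name CDKToolkit \
    --template-body file://bootstrap-template.yaml \
    --capabilities CAPABILITY_NAMED_IAM
  # create-stack only starts the deployment; wait for the final status.
  aws cloudformation wait stack-create-complete --region us-east-1 \
    --stack-name CDKToolkit
  echo "** Bootstrapping completed **"
  blank
else
  [[ -f required-policies.json ]] \
    || die "required-policies.json not found in $(pwd)"

  echo "** Configuring AWS account **"
  echo " Note: Please keep your AWS account access and secret key ready. "
  echo " Provide \"us-east-1\" as the region for this deployment. "
  aws configure
  echo "** AWS account configured **"
  blank

  echo "** Bootstrapping AWS account **"
  echo "What's your AWS account number?"
  read -r accountNumber
  [[ "$accountNumber" =~ ^[0-9]{12}$ ]] \
    || die "an AWS account number is exactly 12 digits"
  region=$(aws configure get region) || die "no region configured"
  cdk bootstrap "aws://${accountNumber}/${region}"
  echo "** Bootstrapping completed **"
  blank

  echo "** Creating a mobrush IAM policy with necessary permissions **"
  aws iam create-policy --policy-name mobrush-policy-cli \
    --policy-document file://required-policies.json
  echo "** Mobrush policy created **"
  blank

  echo "** Attaching mobrush policy to user **"
  echo "What's your AWS account username?"
  read -r username
  [[ "$username" =~ ^[A-Za-z0-9+=,.@_-]+$ ]] \
    || die "unexpected characters in IAM user name"
  aws iam attach-user-policy \
    --policy-arn "arn:aws:iam::${accountNumber}:policy/mobrush-policy-cli" \
    --user-name "$username"
  echo "** Mobrush policy attached to user - $username **"
  blank
fi

echo "** All prerequisites installed **"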