Comments (6)
I saw this:
Is there a need to tell mkit to use ~/.aws/credentials ....setting the ENV variables breaks my cluster access
USING THE CHEF INSPEC TARGET OPTION TO PROVIDE CREDENTIALS ON AWS
Look for a file in your home directory named ~/.aws/credentials. If it does not exist, create it. Choose a name for your profile; here, we’re using the name ‘auditing’. Add your credentials as a new profile, in INI format:
[auditing]
aws_access_key_id = AKIA....
aws_secret_access_key = 1234....abcd
You may now run Chef InSpec using the --target / -t option, using the format -t aws://region/profile. For example, to connect to the Ohio region using a profile named ‘auditing’, use -t aws://us-east-2/auditing.
To verify your credentials, run
you$ inspec detect -t aws://
== Platform Details
Name: aws
Families: cloud, api
Release: aws-sdk-v2.10.125
from mkit.
If I'm understanding things correctly, your ~/.aws/credentials
is being written into with a custom profile name (not default
), so inside the container, it needs to know to use that profile instead. Try adding -e AWS_PROFILE=auditing
(or whatever the SAML provided profile name is in your credentials file) to line 54 of the Makefile. It may help to run make shell-eks
to get a shell inside the container with all the AWS envs and mounts in place so you can manually issue aws commands and validate auth came through.
from mkit.
It actually the profile is default in credentials:
[default]
output = json
region = us-west-2
aws_access_key_id = xxxxxxxxxxxxxxx
aws_secret_access_key = xxxxxxxxxxxxxxxxx
from mkit.
I just made a minor change to the mount path in the Makefile. Can you try it now?
If that doesn't work, can you test with something like AWS_REGION=us-west-2 AWS_ACCESS_KEY_ID=ASIAxxx AWS_SECRET_ACCESS_KEY=XXXyz make run-eks awsregion=us-east-1 clustername=eks1
from mkit.
That did the trick. Thanks!
from mkit.
Awesome! 👍
from mkit.
Related Issues (8)
- SSL validation failed for https://eks.us-east-1.amazonaws.com/clusters/ HOT 1
- Switch to inspect mode Issue
- Undefined method 'dig' for nil:NilClass HOT 20
- Support assume role with EKS HOT 2
- False positive on NAC/Ensure the AWS EKS Cluster is not public HOT 2
- ERROR: Could not find a valid gem 'cinc-auditor-bin' (= 4.18.51) in any repository HOT 1
- run Error HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mkit.