Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[design] Enable temporary creds for environment initialization #1228

Closed
efekarakus opened this issue Aug 3, 2020 · 0 comments · Fixed by #1261
Closed

[design] Enable temporary creds for environment initialization #1228

efekarakus opened this issue Aug 3, 2020 · 0 comments · Fixed by #1261
Labels
area/creds Issues about credentials. type/design Issues that are design proposals.

Comments

@efekarakus
Copy link
Contributor

Problem statement

As of Copilot v0.2.0, users cannot use temporary credentials while creating an environment (#1068, #1104).
We want to support this use case, while still making it clear that the default credential provider chain is used to look up application metadata and hence should prefer long lived profiles.

Proposal

To satisfy the new requirement, we'll update the env init prompt as follows after the users input their environment name:

$ copilot env init

Name: prod-iad

These credentials will be used only for creating your environment.

Which credentials would you like to use to create prod-iad?
> Use temporary credentials
> [profile default]
> [profile test]
> [profile prod-iad]
> [profile prod-pdx]

If the user chooses a profile, then we'll continue down the existing flow and start creating the environment stack.

If user chooses to enter temporary credentials, then we will populate the defaults with values from their default credential provider.

Name: prod-iad

These credentials will be used only for creating your environment.

Credential source: temporary credentials

  What's your AWS Access Key ID?     (***************ZDQY)
  What's your AWS Secret Access Key? (***************2pA/)
  What's your AWS Session Token ?    (****************asdf)
  Which region? (us-west-2)

We'll introduce new flags to match the new prompts:

$ copilot env init --help
Creates a new environment in your application.

Usage
  copilot env init [flags]

Flags
  -h, --help             help for init
  -n, --name string      Name of the environment.
      --prod             If the environment contains production services.
      --profile string   Name of the profile. Exclusive with temporary credential flags.  # New description.
      --aws-access-key-id string       Temporary access key ID.               # New flag.
      --aws-secret-access-key string   Temporary secret access key.           # New flag.
      --aws-session-token string       Temporary session token.               # New flag.
      --region string    Name of the region to create the environment in.     # New flag.

Global Flags
  -a, --app string   Name of the application.

The new --region flag allows us to satisfy #1115.

Finally, we will update $ copilot init to use the default credential provider instead of the "default" profile for initializing your "test" environment.
@efekarakus efekarakus added type/design Issues that are design proposals. area/creds Issues about credentials. labels Aug 3, 2020
This was referenced Aug 3, 2020
Closed
Closed
Merged
mergify bot pushed a commit that referenced this issue Aug 5, 2020
@efekarakus
chore(cli): log warning if credentials for app init are from env vars (
b78ecf8 
…#1231)

Related #1228 

_By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice._
efekarakus added a commit to efekarakus/copilot-cli that referenced this issue Aug 6, 2020
@efekarakus
chore(cli): validate temp credentials in "env init"
ad39578 
Related aws#1228
@efekarakus efekarakus mentioned this issue Aug 6, 2020
Merged
efekarakus added a commit to efekarakus/copilot-cli that referenced this issue Aug 6, 2020
@efekarakus
chore(cli): validate temp credentials in "env init"
954d7e6 
Related aws#1228
mergify bot pushed a commit that referenced this issue Aug 6, 2020
@efekarakus
chore(cli): enable creating environments from temporary creds (#1236)
afe9caa 
- Add the struct to hold temporary credentials.
- Validate temp credentials flags.
- Create clients from temporary credentials if specified.

The PR to ask for the credentials, updating `env delete`, and `env init` will be follow-ups.

Related #1228 

_By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice._
@efekarakus efekarakus mentioned this issue Aug 11, 2020
Merged
mergify bot pushed a commit that referenced this issue Aug 11, 2020
@efekarakus
chore(selector): add credentials selector (#1256)
51de92d 
Related #1228 

_By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice._
efekarakus added a commit to efekarakus/copilot-cli that referenced this issue Aug 12, 2020
@efekarakus
feat(cli): enable using temp creds when initializing an env
f83e419 
Resolves aws#1228
@efekarakus efekarakus mentioned this issue Aug 12, 2020
Merged
@mergify mergify bot closed this as completed in #1261 Aug 12, 2020
mergify bot pushed a commit that referenced this issue Aug 12, 2020
@efekarakus
feat(cli): enable using temp creds when initializing an env (#1261)
f075829 
Resolves #1228 and resolves #1115 

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
@efekarakus efekarakus mentioned this issue Aug 24, 2020
Closed
@tsingh2k15 tsingh2k15 mentioned this issue Oct 20, 2021
Open
@efekarakus efekarakus moved this to Complete in Copilot Roadmap 🗺️ Nov 13, 2022
thrau pushed a commit to localstack/copilot-cli-local that referenced this issue Dec 9, 2022
@efekarakus @thrau
chore(selector): add credentials selector (aws#1256)
25ff72e 
Related aws#1228 

_By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice._
thrau pushed a commit to localstack/copilot-cli-local that referenced this issue Dec 9, 2022
@efekarakus @thrau
feat(cli): enable using temp creds when initializing an env (aws#1261)
6ab3f24 
Resolves aws#1228 and resolves aws#1115 

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/creds Issues about credentials. type/design Issues that are design proposals.
Projects
Copilot Roadmap 🗺️
Status: Complete
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(cli): enable using temp creds when initializing an env efekarakus/copilot-cli
1 participant
@efekarakus