Configure your Workspace

Accessing Cloud9 Workspace

Go to the Cloud9 console and select the workspace that was created for this workshop. When running at an AWS event it will come up with a name such as mod-XXXXXXXXXXXXXXXX. Click on Open IDE

Cloud9 Open IDE

Once in you should get the familiar look and feel of IDE’s. With a file navigation panel on your left hand side, an Editor on the top right panel and a terminal on the bottom right panel. We will use the terminal and in some cases the editor.

Cloud9 normally manages IAM credentials dynamically. This isn’t currently compatible with the EKS IAM authentication, so we will disable it and rely on the IAM role instead.

Configuring Workspaces credentials

  • Return to your workspace and click the sprocket, or launch a new tab to open the Preferences tab
  • Select AWS SETTINGS
  • Turn off AWS managed temporary credentials
  • Close the Preferences tab
Disable Cloud9 IAM

To ensure temporary credentials aren’t already in place we will also remove any existing credentials file:

rm -vf ${HOME}/.aws/credentials

Validate the IAM role

Use the GetCallerIdentity CLI command to validate that the Cloud9 IDE is using the correct IAM role.

aws sts get-caller-identity

Validating the IAM Role when running at an AWS event

The output assumed-role name should contain:

TeamRole

If the Arn contains the role name from above and an Instance ID, you may proceed.

{
    "Account": "123456789012", 
    "UserId": "AROA1SAMPLEAWSIAMROLE:i-01234567890abcdef", 
    "Arn": "arn:aws:sts::216876048363:assumed-role/TeamRole/i-0dd09eac19be01448"
}

Validating the IAM Role when running on your own

The output assumed-role name should contain:

htc-worskhop-admin

If the Arn contains the role name from above and an Instance ID, you may proceed.

{
    "Account": "123456789012", 
    "UserId": "AROA1SAMPLEAWSIAMROLE:i-01234567890abcdef", 
    "Arn": "arn:aws:sts::123456789012:assumed-role/eksworkshop-admin/i-01234567890abcdef"
}