Initializing AWS Credentials#
- User needs: Governance, Security & Connectivity
- User profiles: Data Scientists, Data Engineers
- User assumed knowledge: how to use the command-line to install and use packages, how to add Windows environment variables (for WorkSpaces)
EC Data Platform provides users the ability to directly use AWS services via their respective API’s. Following services are currently supported: - Amazon S3 - Amazon Athena - Amazon Textract - Amazon Comprehend
In order to use those services, a user needs to have permissions to execute API calls. A user can obtain permissions in two ways:
- Obtaining temporary AWS credentials on your local desktop/WorkSpace by using your ec-dataplatform.eu account (Initializing AWS credentials).
- Obtaining permissions by using a deployed DSL resources that has these permissions attached. For example, if an Amazon EMR cluster has permissions to access an Amazon S3 bucket, users can execute jobs on this cluster that have access to Amazon S3.
This guide covers the first option. Initializing AWS credentials requires configuring your local desktop, laptop or Amazon WorkSpace with AWS credentials. As a user, you will need to initialize these credentials via aws-azure-login. This tool will sign you in to the ec-dataplatform.eu Active Directory and will initialize your local machine with valid AWS credentials via SSO. Depending on what permissions were requested for your DSL, a role will be attached to your AWS credentials. After successful initialization, you will be able to execute AWS CLI commands or use an AWS SDK such as boto3.
References
- https://github.com/sportradar/aws-azure-login
- https://aws.amazon.com/cli/
- https://boto3.amazonaws.com/v1/documentation/api/latest/index.html
Installing Node.js#
- This can be skipped for Amazon WorkSpaces
AWS-Azure-Login is available as an npm package. Installing this package requires you to install Node.js. Node.js v7.6.0 or later is necessary.
Updating your PATH environment variable#
If you run into an issue where npm packages (such as aws-azure-login) are not being recognized by your command line, you might need to add the npm install location to your path.
Practically this means:
- In Command Prompt, enter “npm config get prefix”.
This will return the install location for npm packages. Copy the output
- In the Windows search bar, search for "environment", and go to "Edit environment variables for your account"
- Find the "PATH" variable and hit edit
- Add the output from the "npm config get prefix" command you previously ran
- Restart your command prompt
Installing AWS-Azure-Login#
You need to install aws-azure-login via npm if you are in Amazon WorkSpaces or on your local machine. Installation instructions are given for Windows desktops. For Linux desktops, please refer to the installation guide of aws-azure-login (https://github.com/sportradar/aws-azure-login).
- Open Command Prompt by entering “cmd” and pressing “Enter” in the start menu of Windows.
- In Command Prompt, enter “npm install –g aws-azure-login”.
After the installation is complete (see screenshot with successful installation), you need to add the path of npm packages to the Windows environment variables. This is done to enable using aws-azure-login without adding the path of the package to the command when executing from the command prompt. If you are using your local desktop and not Amazon WorkSpaces you will need to verify if you can execute npm packages with or without the path.
- For Amazon WorkSpaces: Enter “env” in the start menu of Windows and open “Edit the system environment variables”
- Open "Edit the system environment variables"
- Click on "Environment Variables"
- Click on "Path" and then on "Edit..."
- Add “D:\Users\USERNAME\AppData\Roaming\npm” after “…WindowsApps;” (Replace USERNAME with your username)
- Click on “Ok”.
- Add the path to npm to Windows Path
Configuring AWS-Azure-Login#
Configure your user profile by entering “aws-azure-login --configure” in command prompt.
- Azure Tenant ID: Communicated by EC Data Platform team
- Azure App ID URI: Communicated by EC Data Platform team
- Default Username: username@ecdataplatform.eu
You can use the default vales for the next configurations without issues. Replace username with your login name.
Initializing AWS credentials with AWS-Azure-Login#
- Enter “aws-azure-login” in the command prompt.
- Enter your account (username@ec-dataplatform.eu) and your user password.
After successfully initializing an AWS role on your local machine or Amazon WorkSpaces you are able to access AWS services that are attached to your account via AWS CLI or AWS SDK. The local AWS credentials file is updated with initialized AWS keys.
- Initialize AWS credentials with aws-azure-login