Installing AWS CLI for IAM role based authentication

Are there any recommendations for installing the aws cli during deploy?

The reason I ask is because I’m trying to implement AWS IAM role based authentication v. using key/secrets per their recommendation. However, the issue is that the AWS CLI Ruby SDK depends on the ~/.aws/ config and credential files to exists in order to properly configure this method of authentication. Note here, Assume role credential provider - AWS SDKs and Tools, where credential_source is picked up from the config (just one example).

This issue is also documented in these issues:

I did a test run of installing the AWS CLI via ssh however, this ended up in a dead end:

$ sudo ./aws/install
bash: sudo: command not found
$ ./aws/install
mkdir: cannot create directory ‘/usr/local/aws-cli’: Read-only file system

So my guess is that I would need to build a custom docker image to support this. Which make sense, but hoping there is some boilerplate I could use to support role based authentication.

Hi there,

You will need to download and install the AWS CLI during your build. The install command has the --install-dir and --bin-dir which you should be able to set to something under /opt/render/project (I would use something like .awscli). This shouldn’t need sudo if you use these options.

I would also use our build cache, so you don’t need to install it every build. Something like this should work (note I’ve not tested this script):

#!/usr/bin/env bash# exit on errorset -o errexitAWS_CLI_URL=https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zipAWS_CLI_DIR=/opt/render/project/.awscli# Store/pull AWS CLI install from Render build cacheif [[! -d $AWS_CLI_DIR]]; then if [[! -d $XDG_CACHE_HOME/.awscli]]; then echo "... Installing AWS CLI and caching" mkdir -p $AWS_CLI_DIR mkdir -p $AWS_CLI_DIR/tmp curl --silent --show-error --fail -o $AWS_CLI_DIR/tmp/awscli.zip $AWS_CLI_URL unzip -qq -d $AWS_CLI_DIR/tmp $AWS_CLI_DIR/tmp/awscli.zip $AWS_CLI_DIR/tmp/aws/install --install-dir $AWS_CLI_DIR/aws-cli --bin-dir $AWS_CLI_DIR/bin $AWS_CLI_DIR/bin/aws --version rm -rf $AWS_CLI_DIR/tmp cp -R $AWS_CLI_DIR $XDG_CACHE_HOME else  echo "... Restoring AWS CLI from build cache"  cp -R $XDG_CACHE_HOME/.awscli $AWS_CLI_DIR fifi# be sure to add AWS CLI's bin location to the PATH as part of your Start Command# export PATH="${PATH}:/opt/render/project/.awscli/bin"# add your own build commands ...

Regards,
Keith
Render Support, UTC+10 :australia:

Hi there,

You will need to download and install the AWS CLI during your build. The install command has the --install-dir and --bin-dir which you should be able to set to something under /opt/render/project (I would use something like .awscli). This shouldn’t need sudo if you use these options.

I would also use our build cache, so you don’t need to install it every build. Something like this should work (note I’ve not tested this script):

#!/usr/bin/env bash# exit on errorset -o errexitAWS_CLI_URL=https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zipAWS_CLI_DIR=/opt/render/project/.awscli# Store/pull AWS CLI install from Render build cacheif [[! -d $AWS_CLI_DIR]]; then if [[! -d $XDG_CACHE_HOME/.awscli]]; then echo "... Installing AWS CLI and caching" mkdir -p $AWS_CLI_DIR mkdir -p $AWS_CLI_DIR/tmp curl --silent --show-error --fail -o $AWS_CLI_DIR/tmp/awscli.zip $AWS_CLI_URL unzip -qq -d $AWS_CLI_DIR/tmp $AWS_CLI_DIR/tmp/awscli.zip $AWS_CLI_DIR/tmp/aws/install --install-dir $AWS_CLI_DIR/aws-cli --bin-dir $AWS_CLI_DIR/bin $AWS_CLI_DIR/bin/aws --version rm -rf $AWS_CLI_DIR/tmp cp -R $AWS_CLI_DIR $XDG_CACHE_HOME else  echo "... Restoring AWS CLI from build cache"  cp -R $XDG_CACHE_HOME/.awscli $AWS_CLI_DIR fifi# be sure to add AWS CLI's bin location to the PATH as part of your Start Command# export PATH="${PATH}:/opt/render/project/.awscli/bin"# add your own build commands ...

Regards,
Keith
Render Support, UTC+10 :australia: