Skip to content

Latest commit

 

History

History
45 lines (27 loc) · 2.73 KB

setup.md

File metadata and controls

45 lines (27 loc) · 2.73 KB
Raw

Pinecone AWS Reference Architecture setup

These instructions are a more in-depth version of our Quickstart Guide.

Install Pulumi

Follow Pulumi's setup instructions here

Get AWS access credentials

DO NOT USE YOUR ROOT USER ACCOUNT FOR PULUMI OR ANYTHING ELSE

Create an IAM user, ideally named pulumi, and check the box to grant this IAM user AWS console permissions, and download the CSV file with the IAM user's credentials when prompted. Alternatively, save the IAM user's login information in a password manager like BitWarden.

You can directly attach the Administrator permission to your IAM user if you're running this for development purposes in your own AWS account.

Save your AWS credentials securely

In addition to securely saving your IAM user's login information, you also need to securely store your IAM user's AWS Key ID and AWS secret key values (these are the security credentials you create on the IAM user's page after signing back into the console as the IAM user).

I recommend putting them in a password manager like BitWarden or a secure (encrypted) note service.

Configure AWS credentials file

Normally I'd recommend against doing this (because it keeps your secrets stored in plaintext in your home drive), but it seems to work best with the pulumi CLI so far. If you're concerned with security and best practices, recommend setting up and learning to use aws-vault

Follow the instructions on this page to add your credentials to your ~/.aws/credentials file - the most straightforward way to do this is via the aws CLI which you can install via homebrew if you don't already have it.

Run the aws configure command as demonstrated in the above instructions. After entering your Key ID and secret key, open ~/.aws/credentials and ensure that your profile was created correctly with the key ID and secret key values. If this is your first AWS profile managed via the credentials file, you will notice it is named [default]. I recommend changing this to pulumi and saving the file. This will make it easier to understand what is happening when you next look at this file 7 months from now.

Next, tell the pulumi toolchain to use this AWS profile going forward:

pulumi config set aws:profile pulumi

Test that you can run the index.ts pulumi configuration by running pulumi up with no other flags - as this will attempt to use the AWS credentials you have set in your credentials file and configured the pulumi CLI to use when making API calls to AWS.