ElasticDW Docs

Command: environment init

The environment init is a helper command that downloads an AWS CloudFormation stack template (in YAML). This template contains the role that is needed for the managed service to manage resources in the target AWS account. The output is the template text, which can be copied or redirected to a file.

Currently, only CloudFormation is supported, in the future there may be other templates or methods to set up the access.

The AWS documentation provides an article on how to create a stack using the AWS CLI tool.

We recommend reviewing the policy for restrictions, but note that by adding additional restrictions to the policy could break managed service functionality. (Currently this is not least privilege).

Usage

edw environment init [options]

Options

  • -cloudformation - generates the AWS yaml template for the cloudformation stack.

Example: Output to Screen

$ edw environment init -cloudformation
AWSTemplateFormatVersion: 2010-09-09
Resources:
  edwRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: 'edw-access-role'
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              AWS:
                - 'arn:aws:iam::xxxx:root'
            Action:
              - 'sts:AssumeRole'
      Path: '/edw/access/role/'
      Policies:
        - PolicyName: 'edw-access-policy'
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action: '*'
                Resource: '*'
Outputs:
  edwRoleARN:
    Description: The ARN of the edw role
    Value: !GetAtt edwRole.Arn

Example: Output to file and use AWS CLI to create the stack

$ edw environment init -cloudformation > /tmp/edw_init_template.yml

$ aws cloudformation deploy \
    --template-file /tmp/edw_init_template.yml \
    --capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM \
    --stack-name <my_edw_stack> \
    --parameter-override ClientId=$EDW_CLIENT_ID