Merge pull request #729 from aws/shovlia/docs-cdk-assume-role
docs: Update credentials documentation to discuss assuming CDK deployment roles, and document the --output parameter on the deployment-project command.
ashovlin authored Nov 30, 2022
2 parents 3b2b6b2 + 0555873 commit 9431c11
Showing 2 changed files with 34 additions and 10 deletions.
22 changes: 14 additions & 8 deletions site/content/docs/commands/project.md
@@ -1,20 +1,26 @@
# deployment-project generate command

### Usage
dotnet aws deployment-project - Generates and saves the deployment CDK project in the user provided location.

`dotnet aws deployment-project` - Generates and saves the deployment CDK project in the user provided location.

### Synopsis
dotnet aws deployment-project generate [-d|--diagnostics] [-s|--silent] [--profile <PROFILE>] [--region <REGION>] [--project-path <PROJECT-PATH>] [--project-display-name <DISPLAY-NAME>]

```
dotnet aws deployment-project generate [-o|--output <OUTPUT-PATH>] [-d|--diagnostics] [--project-path <PROJECT-PATH>] [--project-display-name <DISPLAY-NAME>]
```

### Description
Generates and saves the [deployment CDK project](../deployment-projects/index.md) in a user provided directory path without proceeding with a deployment. Allows user to customize the CDK project before deploying the application.
Generates and saves the [deployment CDK project](../deployment-projects/index.md) in a user-provided directory without proceeding with a deployment. This allows the user to customize the CDK project before deploying the application.

* The `--output` switch sets the directory where the deployment project will be saved.
* The `--project-display-name` switch sets the name that will be shown when the .NET project is being deployed.
* The `--output` switch sets the directory where the CDK deployment project will be saved.
* The `--project-path` switch sets the path to the project to generate a deployment project for.
* The `--project-display-name` switch sets the name of the deployment project that will be displayed in the list of available deployment options.

### Examples

This example creates a deployment project from the .NET project in the current directory. The deployment project will be saved to a sibling directory called CustomDeploymentProject. The name _"Team custom deployment project"_ will be displayed in the list of the available deployment options.

dotnet aws deployment-project generate --output ../CustomDeploymentProject --project-display-name "Team custom deployment project"
This example creates a deployment project from the .NET project in the current directory. The deployment project will be saved to a sibling directory called CustomDeploymentProject. The name _"Team custom deployment project"_ will be displayed in the list of the available deployment options.

```
dotnet aws deployment-project generate --output ../CustomDeploymentProject --project-display-name "Team custom deployment project"
```
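
Review bot: In the Synopsis, the line that gains `[-o|--output <OUTPUT-PATH>]` no longer lists `[-s|--silent]`, `[--profile <PROFILE>]` or `[--region <REGION>]`, while the commit message only mentions documenting `--output`. If the command still accepts those switches, keep them in the synopsis; if they were dropped on purpose, say so in the commit message so readers who rely on `--profile` know where credentials are now selected. Separately, `-d|--diagnostics` appears in the synopsis but has no bullet under Description, and the Usage line omits the `generate` subcommand that the Synopsis and Examples both use.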
22 changes: 20 additions & 2 deletions site/content/docs/getting-started/setup-creds.md
@@ -1,10 +1,28 @@
# Setting up credentials

AWS.Deploy.Tools, internally uses a variety of different tools and services to host your .NET application on AWS. To run the AWS Deploy Tool, you must configure a credential profile that provides access to the AWS account you wish to deploy to. Your credentials must have permissions for certain services, depending on the tasks that you're trying to perform.
The AWS Deploy Tool for .NET internally uses a variety of different tools and services to host your .NET application on AWS. To run the AWS Deploy Tool, you must configure a credential profile that provides access to the AWS account you wish to deploy to. Your credentials must have permissions for certain services, depending on the tasks that you're trying to perform.

### Recommended policies

The following are some examples of the typical permissions that are required.
The AWS Deploy Tool for .NET uses [AWS Cloud Development Kit (CDK)](https://docs.aws.amazon.com/cdk/v2/guide/home.html) to create the AWS infrastructure needed to deploy your application. Deploying via AWS CDK will assume roles that were created when [bootstrapping](https://docs.aws.amazon.com/cdk/v2/guide/bootstrapping.html) CDK for the account and region you are deploying into. Ensure that the profile you are deploying with has permission to assume the CDK deployment roles. This can be done with a policy such as:
```
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"sts:AssumeRole"
],
"Resource": [
"arn:aws:iam::*:role/cdk-*"
]
}
]
}
```

In addition to permission to assume the CDK deployment roles, the following are examples of using [AWS managed policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html#aws-managed-policies) to provide additional permissions that are required for different commands.

> *Note: Additional permissions might be required, depending on the type of application you're deploying and the services it uses.*
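
Review bot: The `Resource` in the example policy, `arn:aws:iam::*:role/cdk-*`, allows `sts:AssumeRole` on any role whose name starts with `cdk-` in any account, which is broader than the "account and region you are deploying into" that the paragraph above it describes. Suggest showing the account field scoped, for example `"arn:aws:iam::<ACCOUNT-ID>:role/cdk-*"`, with a sentence telling readers to substitute the account they deploy to, and presenting the wildcard form only as a shortcut. Minor: the opening fence follows the paragraph with no blank line, and the JSON is neither indented nor tagged as `json`, which makes the example harder to copy and check.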