Skip to content

Latest commit

 

History

History
71 lines (57 loc) · 2.56 KB

quickstart.md

File metadata and controls

71 lines (57 loc) · 2.56 KB

Quickstart

Deploy DCE and lease an account quickly using the DCE CLI.

  1. Download the appropriate executable for your OS from the latest release. e.g. for mac, you should download dce_darwin_amd64.zip

  2. Unzip and move the executable to a directory on your PATH, e.g.

    # Download the zip file
curl -L -o dce_darwin_amd64.zip https://github.com/Optum/dce-cli/releases/latest/download/dce_darwin_amd64.zip

# Unzip to a directory on your path
unzip dce_darwin_amd64.zip -d /usr/local/bin

  3. Type dce init. Leave all fields blank for now.

  4. Deploy DCE using IAM Credentials that have AdministratorAccess

    export AWS_ACCESS_KEY_ID=XXXXXXXXXX
export AWS_SECRET_ACCESS_KEY=XXXXXXXXXXXXXXXXXXXX
dce system deploy

  5. Retrieve the DCE API url from API Gateway in your master account, and add it to the dce config file, e.g.

    api:
    host: abcdefghij.execute-api.us-east-1.amazonaws.com
    basepath: /api
region: us-east-1

  6. Prepare a second AWS account to be your first "DCE Child Account".

    • Create an IAM role with AdministratorAccess and a trust relationship to your DCE Master Accounts
    • Create an account alias in the IAM dashboard or using the AWS CLI command
    aws iam create-account-alias --account-alias examplealias

  7. Add your child account to the accounts pool

    dce accounts add --account-id <child-account-id> --admin-role-arn <child-account-cross-account-role-arn>

  8. Wait until the child account accountStatus is Ready

    dce accounts list
[
    {
        "accountStatus": "Ready",
        "adminRoleArn": "arn:aws:iam::555555555555:role/DCEMasterAccess",
        "createdOn": 1575485630,
        "id": "775788068104",
        "lastModifiedOn": 1575485630,
        "principalPolicyHash": "\"bc5872b50475b186afea67ff47516a8f\"",
        "principalRoleArn": "arn:aws:iam::775788768154:role/DCEPrincipal-quickstart"
    }
]

  9. Lease your child account

    dce leases create --budget-amount 100.0 --budget-currency USD --email [email protected] --principal-id quickstartuser

  10. Log in to your leased account using the --open-browser flag to open the AWS Console in your default web browser. See the howto guide <./howto.html#logging-into-a-leased-account>_ for more login options.

    dce leases login --open-browser <lease-id>