.. _ssm_access: Running k9 on an EC2 Instance with SSM ====================================== Creating aws cli long-term access keys is a security risk. If these keys are ever leaked, it could be disastrous. The safer approach is to use credentials from IAM roles. An easy way to do this is to start a Systems Manager Agent (SSM Agent) and run k9 from there. Creating an ssm instance ------------------------ Setting up an ec2 instance requires setting up a vpc with all the proper access (`aws guide `_). There is a CloudFormation template included with k9 that should be used instead of manually creating the vpc and ec2 instance. The file can be found under k9/yaml/cfm/ssm-access.yml, or it can be copied to your current directory by running k9 get ssm-template. Upload it by going to CloudFormation > Stacks > Create Stack > With new resources > Upload a template file. The select your file, enter a stack name, and create. Using k9 on the ssm instance ---------------------------- On the AWS console select AWS Systems Manager > Session Manager > Start Session and select the instance created by the CloudFormation stack. The following script is run on the ec2 instance created by the CloudFormation stack. :: #!/bin/bash yum update -y # Enable SSM yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm systemctl enable amazon-ssm-agent systemctl start amazon-ssm-agent # install git sudo yum install git -y cd ~ # install pipenv python3 -m pip install pipenv # install kubectl curl -o kubectl https://s3.us-west-2.amazonaws.com/amazon-eks/1.21.2/2021-07-05/bin/linux/amd64/kubectl chmod +x ./kubectl mkdir -p $HOME/bin && cp ./kubectl $HOME/bin/kubectl && export PATH=$PATH:$HOME/bin echo 'export PATH=$PATH:$HOME/bin' >> ~/.bashrc # install helm curl -L https://git.io/get_helm.sh | bash -s -- --version v3.8. If git, pipenv, kubectl, or helm failed to install, you may try the commands listed above again. Kubectl and Helm must be properly installed for k9 to function properly. Once you log into the instance, you should run :: cd ~ aws configure # skip the access key, and secret access key inputs. Enter your region and json as the default output. git clone cd mkdir cd mkdir .venv python3 -m pipenv install python3 -m pipenv shell Now you are in the pipenv shell inside of your repository for k9 output files, and should install k9. If the version of k9 you want is on normal pypi, simply run. :: pip install k9== If you are installing from test.pypi, run :: pip install -i https://test.pypi.org/pypi/ --extra-index-url https://pypi.org/simple k9== `k9 pypi `_ `k9 test.pypi `_