This repository has been archived by the owner on Aug 16, 2022. It is now read-only.

added mfa docs #351

Merged
merged 3 commits into from
Dec 17, 2021
23 changes: 20 additions & 3 deletions docs/index.md
Expand Up @@ -24,7 +24,7 @@ To authenticate CloudQuery with your AWS account you can use any of the followin

## Configuration

The following configuration section can be automaticlly generated by `cloudquery init aws`:
The following configuration section can be automatically generated by `cloudquery init aws`:

```hcl
provider "aws" {
Expand All @@ -48,15 +48,15 @@ provider "aws" {
}
```

By default cloudquery will fetch all configuration from **all** resources in **all** regions in the **default** account. You can change this behaviour with the following arguments:
By default, cloudquery will fetch all configuration from **all** resources in **all** regions in the **default** account. You can change this behaviour with the following arguments:

### Arguments

- `accounts` **(Optional)** - Specify multiple accounts to fetch data from them concurrently and then query across accounts. The default configured account should be able [AssumeRole](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html) to the specified accounts.
- `regions` **(Optional)** - limit fetching to specific regions.
- `max_retries` **(Optional)** - The maximum number of times that a request will be retried for failures. Defaults to 5 retry attempts.
- `max_backoff` **(Optional)** - The maximum back off delay between attempts. The backoff delays exponentially with a jitter based on the number of attempts. Defaults to 60 seconds.
- `aws_debug` **(Optiona)** - This will print very verbose/debug output from AWS SDK. Defaults to false.
- `aws_debug` **(Optional)** - This will print very verbose/debug output from AWS SDK. Defaults to false.

### Assume Role
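
Review bot: The `accounts` bullet in this hunk's context still reads "should be able [AssumeRole]", which is missing "to"; since this pass already fixes "Optiona" and adds the comma after "By default", fix that line as well. The `regions` bullet also starts lowercase ("limit fetching") while the other bullets start with a capital, and "cloudquery" in the "By default" sentence is written "CloudQuery" in the authentication sentence earlier in the file.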

Expand All @@ -80,6 +80,23 @@ provider "aws" {
}
```

### Assume Role with MFA

In order to assume role with MFA, you need to request temporary credentials using STS "get-session-token".

```bash
aws sts get-session-token --serial-number <YOUR_MFA_SERIAL_NUMBER> --token-code <YOUR_MFA_TOKEN_CODE> --duration-seconds 3600
```

export the temporary credentials to your environment variables.

```bash
export AWS_ACCESS_KEY_ID=<YOUR_ACCESS_KEY_ID>
export AWS_SECRET_ACCESS_KEY=<YOUR_SECRET_ACCESS_KEY>
export AWS_SESSION_TOKEN=<YOUR_SESSION_TOKEN>
```


## Query Examples

### Find all public facing load balancers
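
Review bot: The new "Assume Role with MFA" section never connects the session credentials to the role: `get-session-token` returns temporary credentials for the caller, and the text stops at exporting them without saying that the provider then uses them for the role configured in the "Assume Role" block above. Add a sentence linking the two, state that the three exported values come from the command's output, and note that they expire after the `--duration-seconds 3600` shown, so a fetch started later needs a fresh token. Also capitalize "export the temporary credentials" and drop the doubled blank line before "## Query Examples".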