AWS Credentials#

To use Takomo, you must have valid AWS credentials configured. Takomo uses the AWS SDK for JavaScript under the hood, which supports multiple ways to provide credentials. For detailed information, refer to the official SDK documentation.

Using a Profile#

The simplest method for local development is to define a profile in your ~/.aws/credentials file. You can then provide it to Takomo using either the AWS_PROFILE environment variable or the --profile command-line option.

Step 1: Configure the profile#

1[my-profile]
2aws_access_key_id = <YOUR ACCESS KEY ID>
3aws_secret_access_key = <YOUR SECRET ACCESS KEY>

Step 2: Use the profile#

Option A: Set environment variable

1AWS_PROFILE=my-profile tkm stacks deploy

Option B: Use command-line option

1tkm stacks deploy --profile my-profile

Assuming Roles#

If your IAM user assumes roles in the same or different AWS accounts, you can configure a base profile with access keys and use that as the source_profile for role-based profiles.

Example configuration#

1[manager]
2aws_access_key_id = <YOUR ACCESS KEY ID>
3aws_secret_access_key = <YOUR SECRET ACCESS KEY>
4
5[account-a-admin]
6role_arn = arn:aws:iam::123456789012:role/admin
7source_profile = manager
8
9[account-b-readonly]
10role_arn = arn:aws:iam::210987654321:role/readonly
11source_profile = manager

Usage#

1tkm stacks deploy --profile account-a-admin

In this setup, the manager profile is used to assume the admin role in Account A or the readonly role in Account B.

Assuming Roles with MFA#

For roles that require MFA, include the mfa_serial property in the profile configuration.

Example#

1[manager]
2aws_access_key_id = <YOUR ACCESS KEY ID>
3aws_secret_access_key = <YOUR SECRET ACCESS KEY>
4
5[account-a-admin]
6role_arn = arn:aws:iam::123456789012:role/admin
7source_profile = manager
8mfa_serial = arn:aws:iam::224466880011:mfa/username

When executing commands, Takomo will prompt you to enter the MFA code:

1tkm stacks deploy --profile account-a-admin