Skip to content

Commit

Permalink
Seed iam role update (#735)
Browse files Browse the repository at this point in the history
* Git repo url

* Editing Seed IAM role steps
  • Loading branch information
jayair authored Sep 15, 2023
1 parent a24714b commit cce192c
Show file tree
Hide file tree
Showing 11 changed files with 39 additions and 17 deletions.
8 changes: 7 additions & 1 deletion _chapters/changelog.md
Original file line number Diff line number Diff line change
Expand Up @@ -23,10 +23,16 @@ You can get these updates emailed to you via our [newsletter]({% link newsletter

### Changes

#### [v8.0: {{ site.data.changelog.current.title }}](https://branchv80.archives.sst.dev/) (Current)
#### [v8.0.1: {{ site.data.changelog.current.title }}](https://branchv801.archives.sst.dev/) (Current)

{{ site.data.changelog.current.desc }}

- [Tutorial changes]({{ site.github_repo }}/compare/v8.0...v8.0.1)

#### [v8.0: {{ site.data.changelog.v8-0.title }}](https://branchv80.archives.sst.dev/)

{{ site.data.changelog.v8-0.desc }}

- [Tutorial changes]({{ site.github_repo }}/compare/v7.4...v8.0)
- [Demo notes app source]({{ site.sst_demo_repo }}/compare/v1.4...v2.0)

Expand Down
42 changes: 27 additions & 15 deletions _chapters/setting-up-your-project-on-seed.md
Original file line number Diff line number Diff line change
Expand Up @@ -28,34 +28,46 @@ Next, Seed will automatically detect the `sst.config.ts` file in your repo. Clic

![SST app detected](/assets/part2/sst-app-detected.png)

Seed deploys to your AWS account on your behalf. You should create a separate IAM user with exact permissions that your project needs. You can read more about this [here](https://seed.run/docs/customizing-your-iam-policy). But for now we'll simply use the one we've used in this tutorial.
Seed uses an IAM role to deploy to your AWS account on your behalf. It's more secure than the IAM user we created previously in this guide. An IAM role gives Seed temporary IAM credentials to deploy your app. These credentials expire after a short period of time.

{%change%} Run the following command.
![Seed AWS IAM Role form](/assets/part2/seed-aws-iam-role-form.png)

``` bash
$ cat ~/.aws/credentials
```
You should create this IAM role with the exact permissions that your project needs. You can read more about this [here](https://seed.run/docs/customizing-your-iam-policy). But for now we'll simply use the default one.

The output should look something like this.
![Seed create IAM role](/assets/part2/seed-create-iam-role.png)

``` txt
[default]
aws_access_key_id = YOUR_IAM_ACCESS_KEY
aws_secret_access_key = YOUR_IAM_SECRET_KEY
```
Click the **Create an IAM Role using CloudFormation** button. This will send you to the AWS Console and ask you to create a CloudFormation stack.

Seed will also create a couple of stages (or environments) for you. By default, it'll create a **dev** and a **prod** stage using the same AWS credentials. You can customize these but we'll use the defaults.
![AWS create CloudFormation stack](/assets/part2/aws-create-cloudformation-stack.png)

Scroll down, **confirm** the checkbox at the bottom and click **Create stack**.

![AWS click create CloudFormation stack](/assets/part2/aws-click-create-cloudformation-stack.png)

Fill in the credentials and click **Add a New App**.
It will take a couple of minutes to create the stack. Once complete, click the **Outputs** tab.

![AWS CloudFormation stack outputs](/assets/part2/aws-cloudformation-stack-outputs.png)

Copy the **RoleArn value**. Ours looks something like this.

```text
arn:aws:iam::206899313015:role/seed/seed-role-SeedRole-BXQYLZX7AB8J
```

Now back in Seed, you can paste the credentials.

![Add AWS IAM credentials](/assets/part2/add-aws-iam-credentials.png)

Your new app is created. You'll notice a few things here. First, we have a service called **notes**. It's picking up the name from our `sst.config.ts` file. You can choose to change this by clicking on the service and editing its name. You'll also notice the two stages that have been created.
Seed will also create a couple of stages (or environments) for you. By default, it'll create a **dev** and a **prod** stage using the same AWS credentials. You can customize these but we'll use the defaults.

Our app can have multiple services within it. A service (roughly speaking) is a reference to a `sst.config.ts` or `serverless.yml` file (for Serverless Framework). In our case we just have the one service.
Finally click **Add a New App**.

Your new app is created. You'll notice a few things here. First, we have a service called **notes**. It's picking up the name from our `sst.config.ts` file. You can choose to change this by clicking on the service and editing its name. You'll also notice the two stages that have been created.

![Seed app homepage](/assets/part2/seed-app-homepage.png)

Our app can have multiple services within it. A service (roughly speaking) is a reference to a `sst.config.ts` or `serverless.yml` file (for Serverless Framework). In our case we just have the one service.

Now before we proceed to deploying our app, we need to enable running unit tests as a part of our build process. You'll recall that we had added a couple of tests back in the [unit tests]({% link _chapters/unit-tests-in-serverless.md %}) chapter. And we want to run those before we deploy our app.

To do this, hit the **Settings** link and click **Enable Unit Tests**.
Expand Down
4 changes: 4 additions & 0 deletions _data/changelog.yml
Original file line number Diff line number Diff line change
@@ -1,4 +1,8 @@
current:
title: "Updating Seed to IAM roles"
desc: "Sep 15, 2023: Minor changes to the setting up your project on Seed chapter."

v8-0:
title: "Updating to TypeScript"
desc: "Aug 31, 2023: Using TS by default, switching to pnpm, and using Vite instead of Create React App. And archiving old chapters."

Expand Down
2 changes: 1 addition & 1 deletion _includes/footer.html
Original file line number Diff line number Diff line change
Expand Up @@ -247,7 +247,7 @@
? parseFloat((num / 1000).toFixed(1)) + "k"
: num;
}
$.ajax("https://api.github.com/repos/serverless-stack/sst")
$.ajax("https://api.github.com/repos/sst/sst")
.done(function(data) {
$("#github-star-count").text(formatStars(data.stargazers_count));
});
Expand Down
Binary file modified assets/part2/add-aws-iam-credentials.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/part2/aws-create-cloudformation-stack.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/part2/seed-aws-iam-role-form.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added assets/part2/seed-create-iam-role.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file modified assets/part2/sst-app-detected.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.

0 comments on commit cce192c

Please sign in to comment.