AWS Setup

This setup is only required if you need to provision and manage Datafye deployments in AWS (Distributed Self-managed deployments). If you're only working with local deployments, you can skip this section.

Overview

To deploy Datafye in AWS, you'll need:

  1. AWS credentials with appropriate permissions

  2. The AWS CLI v2 installed on your machine

  3. An AWS CLI profile configured for the Datafye CLI to use

Your AWS Account: Datafye uses your own AWS account and credentials. You maintain full control over your AWS infrastructure, resources, and costs. Datafye never has access to your AWS credentials or account.

AWS Authentication Methods

The Datafye CLI supports multiple AWS authentication methods. You can use whichever method best fits your organization's security policies:

  • IAM User Credentials (Access Key ID and Secret Access Key) - Most common for individual developers

  • IAM Identity Center (SSO) - For organizations using centralized identity management

  • Cross-Account Roles - For accessing AWS accounts across organizational boundaries

  • EC2 Instance Profiles - For running the CLI from EC2 instances

  • Other AWS credential chain methods - Any method supported by the AWS SDK

This guide focuses on the most common method: IAM User Credentials. For other authentication methods, consult the AWS CLI Configuration Documentation.

Install the AWS CLI

Install the AWS CLI v2 by following the official installation guide:

AWS CLI v2 Installation Guide

Verify AWS CLI Installation

After installation, verify the AWS CLI is available:

You should see output similar to:

Configure Your AWS Profile (IAM User Method)

This section covers the most common authentication method: IAM user credentials.

Prerequisites

You'll need AWS credentials with specific permissions to provision and manage Datafye deployments.

Required AWS Permissions:

The following IAM policy grants the necessary permissions:

These permissions are used for:

  • EC2 (including VPC) - Creating and managing virtual machines, networking (VPCs, subnets, security groups), and storage volumes

  • Route53 - Managing DNS records for deployment endpoints

Getting Credentials:

Your AWS administrator should:

  1. Create an IAM user for you (or assign you an IAM Identity Center user)

  2. Attach the policy above to your user or role

  3. Generate access credentials (Access Key ID and Secret Access Key for IAM users)

  4. Provide you with the credentials

You'll need:

  • AWS Access Key ID

  • AWS Secret Access Key

Create an AWS Profile

Open a terminal and run the following command to create a profile for Datafye:

You'll be prompted to enter your credentials and preferences:

You can use any profile name (not just "datafye"). You'll specify the profile name when provisioning deployments with the --profile parameter.

Region Selection:

  • Choose the AWS region where you want to provision Datafye deployments

  • Common choices: us-east-1, us-west-2, eu-west-1

  • You can override the default region per deployment using the --region parameter

Verify Your Profile

Test that your profile is configured correctly by running:

You should see output similar to:

If you see this output with your user information, your AWS profile is set up correctly.

Using IAM Identity Center (SSO)

If your organization uses AWS IAM Identity Center (formerly AWS SSO), you can configure SSO authentication instead of using IAM user credentials.

Configure SSO Profile

Follow the prompts to:

  1. Enter your SSO start URL

  2. Choose your SSO region

  3. Authenticate via your browser

  4. Select the AWS account and role

  5. Name your profile (e.g., "datafye-sso")

Use SSO Profile with Datafye CLI

When provisioning, specify your SSO profile:

Important: Before running Datafye CLI commands, ensure your SSO session is active:

Multiple Profiles

You can configure multiple AWS profiles for different accounts or roles:

When provisioning, specify which profile to use:

Troubleshooting

Profile Not Found Error

If you receive a "profile not found" error when running commands, verify your profile exists:

You should see your profile name (e.g., datafye) in the list.

Permission Denied Errors

If you encounter permission errors when provisioning deployments:

  1. Verify your credentials are valid:

  2. Check your IAM user has the required permissions:

    • Your AWS administrator should verify that the IAM policy shown in the Prerequisites section is attached to your user or role

    • Required permissions: ec2:* and route53:*

  3. Contact your AWS administrator to verify and attach the necessary permissions

Credential Expiration (SSO/Temporary Credentials)

If using IAM Identity Center or temporary credentials and you see authentication errors:

Region Not Available

If you receive errors about services not being available in your region:

  1. Verify the region supports the required AWS services

  2. Try a different region (e.g., us-east-1)

  3. Override region when provisioning:

Security Best Practices

Credential Storage

  • AWS credentials are stored in ~/.aws/credentials

  • This file should have restricted permissions: chmod 600 ~/.aws/credentials

  • Never commit this file to version control

Credential Rotation

  • Regularly rotate your IAM user access keys

  • If using temporary credentials (SSO, assumed roles), they expire automatically

  • Monitor AWS CloudTrail for unauthorized API calls
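
The storage and rotation points above can be checked on a workstation with a short audit script. This is an added example, not part of the Datafye documentation or CLI; the function names and the sample file with placeholder credentials are constructed for illustration.

```shell
#!/bin/sh
# Octal permission bits of a file: GNU stat first, BSD/macOS stat as fallback.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_aws_credentials FILE: prints one finding per line.
# Returns 0 when clean, 1 on a permission or git finding, 2 if FILE is absent.
audit_aws_credentials() {
    file=$1; rc=0
    [ -f "$file" ] || { echo "MISSING $file"; return 2; }

    # Any group/other permission bit exposes the secret key to other local users.
    mode=$(file_mode "$file")
    case "$mode" in
        *00|0) ;;
        *) echo "MODE $mode (expected 600)"; rc=1 ;;
    esac

    # The credentials file must never be tracked by a git repository.
    if git -C "$(dirname "$file")" ls-files --error-unmatch \
            "$(basename "$file")" >/dev/null 2>&1; then
        echo "TRACKED by git"; rc=1
    fi

    # Long-term IAM user key IDs start with AKIA (temporary ones with ASIA);
    # these are the keys that need regular rotation. Informational only.
    n=$(grep -c '^ *aws_access_key_id *= *AKIA' "$file" || true)
    [ "${n:-0}" -eq 0 ] || echo "LONGTERM $n static access key(s) to rotate"
    return "$rc"
}

# Demo on a constructed file holding placeholder (not real) credentials.
demo() {
    tmp=$(mktemp -d)
    printf '[datafye]\naws_access_key_id = AKIAEXAMPLEEXAMPLE00\n%s\n' \
        'aws_secret_access_key = PLACEHOLDERSECRET' > "$tmp/credentials"
    chmod 644 "$tmp/credentials"
    audit_aws_credentials "$tmp/credentials" || true   # reports MODE 644
    chmod 600 "$tmp/credentials"
    audit_aws_credentials "$tmp/credentials" || true   # only the LONGTERM note
    rm -rf "$tmp"
}
demo
```

To audit the real file, call `audit_aws_credentials ~/.aws/credentials` after sourcing the functions.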

Least Privilege

  • Request only the minimum AWS permissions needed for Datafye deployments

  • Use separate credentials for development vs production deployments

  • Consider using IAM roles with time-limited access

Multi-Factor Authentication (MFA)

  • Enable MFA on your IAM user for additional security

  • If MFA is required, you'll need to use temporary credentials:

Next Steps

Now that your AWS access is configured:


Last updated: 2025-10-22
