AWS Cloud9 Setup

AWS Cloud9 is a cloud-based integrated development environment (IDE) that lets you write, run, and debug your code with just a browser. You will build docker images and push them to container repositories. To do so, you need to athorize Cloud9 first to access Amazon ECR using IAM role.

Check IAM Role and EC2 Instance Profile

  1. Move to AWS IAM and select Roles from the left navigation pane.
  2. You already created WorkstationRole for Cloud9 when you deployed CloudFormation stack. Type workstationrole to search the role.
  3. Click ecs-demogo-WorkstationRole. You will find more details including Instance Profile ARNs of ecs-demogo-WorkstationProfile. Amazon EC2 uses an instance profile as a container for an IAM role. Check this role is attached AmazonEC2ContainerRegistryFullAccess policy.

Modify IAM Role of Cloud9 Instance

  1. Move to Amazon EC2 and go to Instances. You will find aws-cloud9-ecsworkshop instance.
  2. Select aws-cloud9-ecsworkshop, and click Actions. Select Security and click Modify IAM role.
  3. Select ecs-demogo-WorkstationProfile. (Numbers and alphabets after WorkstationProfile can be different.)

Cloud9 IDE Setting

  1. Go to AWS Cloud9 and select ecsworkshop, click Open IDE.
  2. Click the gear icon to open Preference setting window. Move to AWS SETTINGS from the menu bar.
  3. Turn off AWS managed temporary credentials.
  4. Close Preference tab. Run command to eliminate temporary credentials.
rm -vf ${HOME}/.aws/credentials
  1. Run GetCallerIdentity command to confirm if Cloud9 IDE uses ecs-demogo-WorkstationRole as we intend.
aws sts get-caller-identity --query Arn | grep ecs-demogo
  1. Update and install CLI tools.
sudo pip install --upgrade awscli
sudo yum install -y jq
  1. Set your current region as default.
export AWS_REGION=$(curl -s | jq -r '.region')
echo "export AWS_REGION=${AWS_REGION}" | tee -a ~/.bash_profile
aws configure set default.region ${AWS_REGION}
  1. Check the default region.
aws configure get default.region