From b8a2058c42920ca7161ea502d7c8710721249b67 Mon Sep 17 00:00:00 2001 From: "Axel Garcia K." Date: Thu, 9 Oct 2025 10:01:44 +0100 Subject: [PATCH 1/4] NRL-1669 Add instructions to set-up AWS CLI access and client certs --- README.md | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/README.md b/README.md index 43a979853..b378d6ffd 100644 --- a/README.md +++ b/README.md @@ -37,6 +37,36 @@ Then install all the dependency packages with: make configure ``` +### Set up AWS CLI access + +There are several ways to set up your AWS CLI access. The recommended way is to use [granted](https://docs.commonfate.io/granted/getting-started). Follow the instructions on their website to install and configure `granted`. + +One of the gotchas with using `granted` is that you need to ensure that you source the environment variables into your shell session. You can do this by running: + +``` +source assume +``` + +Where `` is one of the profiles which should be in your `~/.aws/config`. You can customize the profile names to your liking. + +From here on, you can use the AWS CLI as normal and run commands that need AWS access on that terminal session. + +As a short guideline about profiles to assume for a typical workflow: + +- Assume mgmt account for stack specific terraform deployment as indicated in `terraform/infrastructure/README.md`. +- Assume the specific environment for running feature tests against that environment. + +### Set up client certificates + +In order to access the NRLF APIs, you will need to set up client certificates for mutual TLS authentication. +In order to do this, make sure you have AWS CLI installed and configured, then run: + +``` +make ENV=env truststore-pull-client +``` + +Where `env` is one of `dev`, `test` or `prod`. + ## Getting Started To build packages: From 30fdd48e2b7271d1d1b76e52951e2fe8a1368df0 Mon Sep 17 00:00:00 2001 From: "Axel Garcia K." Date: Thu, 9 Oct 2025 10:19:09 +0100 Subject: [PATCH 2/4] NRL-1669 Add option to pull all the certificates --- Makefile | 3 +++ README.md | 6 +++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index e3b194f84..3ebd2c1c7 100644 --- a/Makefile +++ b/Makefile @@ -201,6 +201,9 @@ truststore-build-ca: check-warn ## Build a CA (Certificate Authority) truststore-build-cert: check-warn ## Build a certificate @./scripts/truststore.sh build-cert "$(CA_NAME)" "$(CERT_NAME)" "$(CERT_SUBJECT)" +truststore-build-all: check-warn ## Pull all certificates + @./scripts/truststore.sh pull-all "$(ENV)" + truststore-pull-server: check-warn ## Pull a server certificate @./scripts/truststore.sh pull-server "$(ENV)" diff --git a/README.md b/README.md index b378d6ffd..37b4ae9e4 100644 --- a/README.md +++ b/README.md @@ -56,13 +56,13 @@ As a short guideline about profiles to assume for a typical workflow: - Assume mgmt account for stack specific terraform deployment as indicated in `terraform/infrastructure/README.md`. - Assume the specific environment for running feature tests against that environment. -### Set up client certificates +### Set up NRLF certificates -In order to access the NRLF APIs, you will need to set up client certificates for mutual TLS authentication. +In order to execute make commands that need AWS access, you will need to pull the NRLF certificates. In order to do this, make sure you have AWS CLI installed and configured, then run: ``` -make ENV=env truststore-pull-client +make ENV=env truststore-pull-all ``` Where `env` is one of `dev`, `test` or `prod`. From 4bb051440989ca1aae176c397879f03b0dfc2f83 Mon Sep 17 00:00:00 2001 From: "Axel Garcia K." Date: Thu, 9 Oct 2025 16:07:54 +0100 Subject: [PATCH 3/4] NRL-1669 Fix readme environment tip. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 37b4ae9e4..bcaf612e3 100644 --- a/README.md +++ b/README.md @@ -65,7 +65,7 @@ In order to do this, make sure you have AWS CLI installed and configured, then r make ENV=env truststore-pull-all ``` -Where `env` is one of `dev`, `test` or `prod`. +Where `env` is one of `dev`, `qa` , `int`, `ref` or `prod`. ## Getting Started From adc1a22a091699fb2cbd1f46d80d1b0856892f5d Mon Sep 17 00:00:00 2001 From: "Axel Garcia K." Date: Thu, 9 Oct 2025 16:12:37 +0100 Subject: [PATCH 4/4] NRL-1669 Fix misstype in makefile --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 3ebd2c1c7..00104a48c 100644 --- a/Makefile +++ b/Makefile @@ -201,7 +201,7 @@ truststore-build-ca: check-warn ## Build a CA (Certificate Authority) truststore-build-cert: check-warn ## Build a certificate @./scripts/truststore.sh build-cert "$(CA_NAME)" "$(CERT_NAME)" "$(CERT_SUBJECT)" -truststore-build-all: check-warn ## Pull all certificates +truststore-pull-all: check-warn ## Pull all certificates @./scripts/truststore.sh pull-all "$(ENV)" truststore-pull-server: check-warn ## Pull a server certificate