oslogin // impersonate a service account

certificate | impersonate | install | instance | ssh key

requirements

assuming the sa exists already with roles compute.osAdminLogin and compute.operator

setup

sa=ansible-oslogin-test-sa

first shot

yc config profile list

    YC_CLOUD_ID=`yc config get cloud-id`
    YC_FOLDER_ID=`yc config get folder-id`

    echo $YC_CLOUD_ID
    echo $YC_FOLDER_ID

cd ~/.config/
cp -R yandex-cloud/ yandex-cloud.`date +%s`/
cd yandex-cloud/

yc iam key create \
    --cloud-id $YC_CLOUD_ID \
    --folder-id $YC_FOLDER_ID \
    --service-account-name $sa \
    --description "$USER@$HOSTNAME $sa-key.json" \
    --output $sa-key.json
chmod 400 $sa-key.json

# --service-account-id

yc config profile create $sa
yc config set service-account-key $sa-key.json
yc config set cloud-id $YC_CLOUD_ID
yc config set folder-id $YC_FOLDER_ID

#yc iam create-token

further go

yc config profile activate $sa

ready to go

you can now proceed with reaching an instance using a CLI or certificate

clean-up

back to normal

yc config profile list
yc config profile activate test

resources

yc iam key create https://yandex.cloud/en/docs/cli/cli-ref/managed-services/iam/key/create

Authenticate as a service account https://yandex.cloud/en/docs/cli/operations/authentication/service-account#auth-as-sa


HOME | GUIDES | LECTURES | LAB | SMTP HEALTH | HTML5 | CONTACT
Copyright © 2024 Pierre-Philipp Braun