How do I get access?
Ask in the
#team-platform Slack channel for someone to add you. Anyone who has edit access can do so.
To give someone access: navigate to IAM and use the
Add Users button at the top right to add their PostHog email as username, pick
AWS Management Console access and add them to the
Team group, then Slack them the sign-in URL, username, and password.
IMPORTANT: You must log out and then log back in!
This is because of MFA. Just adding MFA isn't quite enough for AWS console so if you are seeing a bunch of really weird permissions errors. Log out, then log back in using your MFA token. This should resolve everything!
Permissions errors using aws cli
If you see something like:
<my-user> is not authorized to perform: <action> on resource: <resource> with an explicit deny
Note the "with an explicit deny" in the end which likely is due to the fact that we force Multi-Factor Authentication (MFA). Follow this guide to use a session token.
- Look up your security credential MFA device name from AWS console from
aws sts get-session-token --serial-number <arn-of-the-mfa-device> --token-code <code-from-token> --duration 129600where
code-from-tokenis the same code you'd use to login to the AWS console (e.g. from Authy app).
- Run the following code, replacing the placeholder values with the appropriate ones:
export AWS_ACCESS_KEY_ID=example-access-key-as-in-previous-outputexport AWS_SECRET_ACCESS_KEY=example-secret-access-key-as-in-previous-outputexport AWS_SESSION_TOKEN=example-session-token-as-in-previous-output
- Unset them when done (after they expire before running
unset AWS_ACCESS_KEY_ID && unset AWS_SECRET_ACCESS_KEY && unset AWS_SESSION_TOKEN
See docs here.