Working with cloud providers
Last updated:
AWS
How do I get access?
Ask in the #team-platform
Slack channel for someone to add you. Anyone who has edit access can do so.
To give someone access: navigate to IAM and use the Add Users
button at the top right to add their PostHog email as username, pick AWS Management Console access
and add them to the Team
group, then Slack them the sign-in URL, username, and password.
IMPORTANT: You must log out and then log back in!
This is because of MFA. Just adding MFA isn't quite enough for AWS console so if you are seeing a bunch of really weird permissions errors. Log out, then log back in using your MFA token. This should resolve everything!
Permissions errors using aws cli
If you see something like:
<my-user> is not authorized to perform: <action> on resource: <resource> with an explicit deny
Note the "with an explicit deny" in the end which likely is due to the fact that we force Multi-Factor Authentication (MFA). Follow this guide to use a session token.
TLDR:
- Look up your security credential MFA device name from AWS console from
https://console.aws.amazon.com/iam/home#/users/<user-name>?section=security_credentials
- Run
aws sts get-session-token --serial-number <arn-of-the-mfa-device> --token-code <code-from-token> --duration 129600
wherecode-from-token
is the same code you'd use to login to the AWS console (e.g. from Authy app). - Run the following code, replacing the placeholder values with the appropriate ones:
export AWS_ACCESS_KEY_ID=example-access-key-as-in-previous-outputexport AWS_SECRET_ACCESS_KEY=example-secret-access-key-as-in-previous-outputexport AWS_SESSION_TOKEN=example-session-token-as-in-previous-output
- Unset them when done (after they expire before running
get-session-token
again):
unset AWS_ACCESS_KEY_ID && unset AWS_SECRET_ACCESS_KEY && unset AWS_SESSION_TOKEN
Deploying PostHog
See docs here.
GCP
How do I get access?
Ask someone in the #team-platform
Slack channel to add you. Anyone who has edit access can do so.
To give someone access: Navigate to PostHog project IAM and use the +Add
button at the top to add their PostHog email address and toggle Basic
-> Editor
role.
Deploying PostHog
See docs here.
DigitalOcean
How do I get access?
Ask in the #team-platform
Slack channel for someone to add you. Anyone who is an owner can do so.
To give someone access: Navigate to PostHog team settings page and use the Invite Members
button to add their PostHog email address.
Edit 1-Click app info
This can be done in the vendor portal, click on PostHog
with Approved status to edit the listing.
The code and setup files are in digitalocean/marketplace-kubernetes repository.
Deploying PostHog
See docs here.