Create an AWS user

If you haven’t already, create an AWS user for your team member. You can either create a IAM user or an Identity Center user. IAM users are specific to one AWS account and have long-term credentials like passwords and access keys, making them suitable for applications needing consistent access. In contrast, Identity Center users can access multiple AWS accounts and applications using temporary credentials through single sign-on (SSO), which is more secure and easier to manage for human users needing access to various resources. Follow this blog to add an Identity Center User: https://docs.aws.amazon.com/singlesignon/latest/userguide/addusers.html. And this one to add an IAM User: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html

Steps to give cluster access

Instructions for your team mate

  1. Install AWS CLI: You can follow these instructions to install AWS CLI https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
  2. Configure AWS: Run the aws configure and enter your ACCESS_KEY_ID, SECRET_ACCESS_KEY, SESSION_TOKEN(only for Identity Center User) and REGION values as you are prompted. You can also directly modify your ~/.aws/credentials file. Read more about configuring your AWS CLI here https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html
  3. Get Principal ARN for your user: Run the command tensorkube get-principal-arn. This will output the principal ARN that the cluster owner must use to give access

Instructions for the cluster creator

  1. Give cluster access: The cluster owner must run the command
tensorkube give-cluster-access --principal-arn ARN_FROM_STEP_3

Instructions for your team mate

  1. Sync with the cluster: Once the cluster owner has run the command in step 4, run the tensorkube sync command to sync your local machine to use the cluster.

And that’s it! You have successfully added a team member to your Tensorkube cluster. 🚀