Uly.me

cloud engineer

login

Logging In to AWS and GCP

January 22, 2023

Here’s my Bash script to log in to both AWS and GCP. It has a little bit of intelligence. It checks if you are already logged in, and skips if you are. If not logged in, it will open up the cloud web console which is protected by Okta. The script has been redacted, with usernames and web pages replaced by generic ones, for security reasons.

#!/bin/bash
## CHECK IF LOGGED IN TO GCP 
read -p "Login to GCP? (y/n) : " login_gcp
if [[ $login_gcp = "y" ]]; then
  file1="/Users/username/code/etc/auth-gcp.txt"
  # Discard the token itself; keep only stderr, which carries the reauthentication message
  gcloud auth print-identity-token 1> /dev/null 2> "$file1"
  user=$(gcloud config list account --format "value(core.account)")
  auth=$(head -n 1 "$file1")
  rm -f "$file1"
  if [[ $auth == "Reauthentication required." ]] ||  [[ $user != "first.last@domain.com" ]]; then
    echo "Logging in to Google Cloud Platform."
    gcloud auth login
    gcloud auth application-default login
    open https://okta-login
  else
    echo "You are already logged in to Google Cloud Platform."
  fi
else
  echo "Skipping GCP ... "
fi
## CHECK IF LOGGED IN TO AWS
read -p "Login to AWS? (y/n) : " login_aws
if [[ $login_aws = "y" ]]; then  
  file2="/Users/username/code/etc/auth-aws.txt"
  # Keep only stderr; an expired or missing session prints its error there
  aws sts get-caller-identity 2> "$file2"
  expired=$(tail -n +2 "$file2")
  rm -f "$file2"
  if [[ $expired =~ "expired" ]] || [[ $expired =~ "Unable" ]]; then
    open https://okta-login
    echo "please wait until web page loads ... "
    read -p "Press any key to continue... " -n1 -s
    echo ""
    basecred='/Users/username/.aws/credentials.base'
    newcreds='/Users/username/Downloads/credentials'
    creds='/Users/username/.aws/credentials'
    if [ ! -f "$newcreds" ]; then
      echo 'No AWS credentials.'
      exit 1
    else
      # Downloaded session credentials first, then the static base profiles
      cat "$newcreds" "$basecred" > "$creds"
      echo 'New AWS credentials.'
      sleep 3
      rm -f "$newcreds"
    fi
  else
    echo "You are already logged in to AWS."
  fi
else 
  echo "Skipping AWS ... "
fi
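
A hardened variant of the AWS half of the script, added here as an example and not the author's code: it takes the stderr text from a variable instead of a file at a fixed path, and writes the merged credentials file through a rename with owner-only permissions. The function names `aws_session_state` and `install_aws_creds` are assumptions.

```shell
#!/bin/bash
# Added example, not the author's script. Function names are assumptions.

# Classify the stderr text of `aws sts get-caller-identity`, using the same
# two substrings the script matches. Prints "login" or "ok".
aws_session_state() {
  case "$1" in
    *expired*|*Unable*) echo "login" ;;
    *)                  echo "ok" ;;
  esac
}

# Merge downloaded credentials with the static base file.
# Usage: install_aws_creds <downloaded> <base> <destination>
install_aws_creds() {
  local new="$1" base="$2" dest="$3"
  [ -f "$new" ] || { echo "No AWS credentials." >&2; return 1; }
  (
    umask 077                                  # nothing group/world readable
    tmp=$(mktemp "${dest}.XXXXXX") || exit 1   # mktemp creates the file 0600
    if cat "$new" "$base" > "$tmp"; then
      mv -f "$tmp" "$dest"                     # rename: no half-written file
    else
      rm -f "$tmp"; exit 1
    fi
  ) || return 1
  rm -f "$new"                                 # no key material left in Downloads
}

# Intended call pattern (not executed here, needs the AWS CLI and a session):
#   err=$(aws sts get-caller-identity 2>&1 >/dev/null)
#   if [ "$(aws_session_state "$err")" = "login" ]; then
#     install_aws_creds ~/Downloads/credentials ~/.aws/credentials.base ~/.aws/credentials
#   fi
```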

Filed Under: Cloud, Linux Tagged With: aws, gcp, login, script

Set Terminal Browser to Firefox

February 7, 2022

Every time I log in to Google Cloud, it uses Chromium.

Set BROWSER env to Firefox instead.

export BROWSER=/usr/bin/firefox

Login to GCP. It should open up Firefox browser instead of Chromium.

gcloud auth login

Add it to your .bashrc or .bash_profile if you want it to be permanent.

Filed Under: Cloud Tagged With: auth, browser, chromium, firefox, gcloud, login, terminal

GCP SSH Issues

July 20, 2021

There are a few issues that crop up every once in a while with gcloud compute ssh. gcloud compute ssh creates a local user at first login. The account password has a default expiration of 90 days. If unable to log in, you can try logging in under a different name (even a fictitious one), e.g. superheroes, something unique.

gcloud compute ssh username@servername --zone us-central1-c --project project-id --internal-ip

Once logged in, you can delete local users with expired passwords or perform other admin tasks.

userdel -r username

You can also try to run chage to adjust the password expiration.

chage -M 180 username   # extends expiration from 90 to 180 days

If you continue to have login issues, you can also delete the metadata SSH keys at both the instance and project levels.

As a last resort, you can use --force-key-file-overwrite, which regenerates a new key and overwrites broken SSH keys.

gcloud compute ssh username@servername \
--force-key-file-overwrite \
--zone us-central1-c \
--project project-id \
--internal-ip

Filed Under: Cloud Tagged With: compute, gcp, issues, login, ssh

GCP Compute Enable OS Login

May 27, 2021

If you have trouble logging in (SSH) to your GCP instance, you may have to enable OS Login.

gcloud compute instances add-metadata server-name \
--metadata enable-oslogin=TRUE \
--zone us-central1-c \
--project project-id

When done, you can set it back to FALSE.

Filed Under: Cloud Tagged With: compute, gcloud, gcp, login, os, true

GCP Login Service Account

May 13, 2021

Here’s the command to authenticate as a service account.

gcloud auth activate-service-account --key-file=key.json

To log out.

gcloud auth revoke

Filed Under: Cloud Tagged With: auth, gcp, login, logout, revoke, service account

Invalid Credentials with gsutil

April 16, 2021

If you’re trying to access GCS (Google Cloud Storage) and you’re getting “Your credentials are invalid. Please run gcloud auth login”, you most likely have a previous key stored in the ~/.boto file. This happens if you previously configured gsutil with your own credentials, then switched over to Google SDK mode. To fix the invalid credentials, edit the ~/.boto file and comment out the auth key.

vim ~/.boto

Comment out.

#gs_oauth2_refresh_token = <token redacted>

Rerun the gsutil ls command. It should work.

Filed Under: Cloud Tagged With: .boto, auth, gcp, invalid, login, service account, token

GCP 400 Bad Request

March 15, 2021

After logging in, I tried to run Terraform in GCP and received this error:

oauth2: cannot fetch token: 400 Bad Request

Here’s the fix. Log in using application-default.

gcloud auth application-default login

You can then run Terraform.

terraform apply

Filed Under: Cloud Tagged With: 400, bad, fetch, gcp, login, oauth2, request, token

SCP

January 6, 2020

SCP is similar to the cp (copy) command, but the copy is done over a secure network connection.

Here’s a cp command.

cp /dir1/filename /dir2

You can use SCP to copy a file to another system. It requires a login.

scp /dir1/filename user@server:/home/user

This uses SCP to copy a file between two remote systems.

scp user@host1:/home/user/dir1/file.txt user@host2:/home/user/dir2

Filed Under: Linux Tagged With: cp, ftp, login, network, scp, secure
