login

Logging In to AWS and GCP

January 22, 2023

Here’s my Bash script to login to both AWS and GCP. It has a little bit of intelligence. It checks if you are already logged in, and skips if you are. If not logged in, it will open up the cloud web console which is protected by Okta. The script has been redacted and replace with generic usernames and web pages for security reasons.

#!/bin/bash
## CHECK IF LOGGED IN TO GCP 
read -p "Login to GCP? (y/n) : " login_gcp
if [[ $login_gcp = "y" ]]; then
  file1="/Users/username/code/etc/auth-gcp.txt"
  gcloud auth print-identity-token 1> /dev/null 2> $file
  user=$(gcloud config list account --format "value(core.account)")
  auth=$(cat "$file" | head -n 1)
  rm -f $file1
  if [[ $auth == "Reauthentication required." ]] ||  [[ $user != "first.last@domain.com" ]]; then
    echo "Logging in to Google Cloud Platform."
    gcloud auth login
    gcloud auth application-default login
    open https://okta-login
  else
    echo "You are already logged in to Google Cloud Platform."
  fi
else
  echo "Skipping GCP ... "
fi
## CHECK IF LOGGED IN TO AWS
read -p "Login to AWS? (y/n) : " login_aws
if [[ $login_aws = "y" ]]; then  
  file2=""/Users/username/code/etc/auth-aws.txt""
  aws sts get-caller-identity 2> $file2
  expired=$(tail -n +2 "$file2")
  rm -f $file2
  if [[ $expired =~ "expired" ]] || [[ $expired =~ "Unable" ]]; then
    open https://okta-login
    echo "please wait until web page loads ... "
    read -p "Press any key to continue... " -n1 -s
    echo ""
    basecred='/Users/username/.aws/credentials.base'
    newcreds='/Users/username/Downloads/credentials'
    creds='/Users/username/.aws/credentials'
    if [ ! -f $newcreds ]; then
      echo 'No AWS credentials.'
      exit
    else
      cat $newcreds $basecred > $creds
      echo 'New AWS credentials.'
      sleep 3
      rm -f $newcreds
    fi
  else
    echo "You are already logged in to AWS."
  fi
else 
  echo "Skipping AWS ... "
fi

Set Terminal Browser to Firefox

February 7, 2022

Every time I log in to Google Cloud, it’s using the Chromium.

Set BROWSER env to Firefox instead.

export BROWSER=/usr/bin/firefox

gcloud auth login

Add it your .bashrc or .bashprofile if you want it to be permanent.

GCP SSH Issues

July 20, 2021

There are a few issues that prop up every once in a while with gcloud compute ssh. gcloud compute ssh creates local user at first login. The account password has a default expiration of 90 days. If unable to login, you can try logging in as a different name (even a fictitious name) e.g. superheroes, etc. something unique.

gcloud compute ssh username@servername --zone us-central1-c --project project-id --internal-ip

Once logged in, you can delete local users with expired passwords or perform other admin tasks.

userdel -r username

You can also try to run chage to adjust the password expiration.

chage -M 180 username  (extends expiration from 90 to 180 days)

If you continue to have login issues, you can also delete Metadata SSH keys in both the instance and project levels.

Last resort you can use force key overwrite which will regenerate a new key and overwrite broken ssh keys.

gcloud compute ssh username@servername \
--force-key-file-overwrite \
--zone us-central1-c \
--project project-id \
--internal-ip

GCP Compute Enable OS Login

May 27, 2021

If you have trouble logging in (SSH) to your GCP instance, you may have to enable OS Login.

gcloud compute instances add-metadata server-name \
--metadata enable-oslogin=TRUE \
--zone us-central1-c \
--project project-id

When done, you can set it back to FALSE.

GCP Login Service Account

May 13, 2021

Here’s the command to authenticate as a service account.

gcloud auth activate-service-account --key-file=key.json

To log out.

gcloud auth revoke

Invalid Credentials with gsutil

April 16, 2021

If you’re trying to access GCS (Google Cloud Storage) and you’re getting “Your credentials are invalid. Please run gcloud auth login”, you most likely have a previous key stored in the ~/.boto file. This happens if you previously configured gsutil with your own credentials, then switched over to Google SDK mode. To fix the invalid credentials, edit the ~/.boto file and comment out the auth key.

vim ~/.boto

Comment out.

#gs_oauth2_refresh_token = <token redacted>

Rerun the gsutil ls command. It should work.

GCP 400 Bad Request

March 15, 2021

After logging in, I tried to run Terraform in GCP and received this error:

oauth2: cannot fetch token: 400 Bad Request

Here’s the fix. Login using application-default.

gcloud auth application-default login

You can then Terraform.

terraform apply

SCP

January 6, 2020

SCP is similar to the CP or copy command, but it’s done via a secure network.

Here’s a CP command.

cp /dir1/filename /dir2

You can use SCP to copy file to another system. It requires login.

scp /dir1/filename user@server:/home/user

This is using SCP to copy a file from 2 remote systems.

scp user@host1:/home/user/dir1/file.txt user@host2:/home/user/dir2