Can I pass AWS creds to Kops CLI or programmatically? How to handle multiple AWS accounts?
You can redefine the KOPS_STATE_STORE environment variable to point to different S3 buckets in different AWS accounts. You'll also have to export the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY variables for the given S3 bucket's account authorization.
To make the switch easier on yourself, do the following. Create two export var files, let's call them aws_cluster_acct_1.env and aws_cluster_acct_2.env.
aws_cluster_acct_1.env:
export AWS_ACCESS_KEY_ID=foo1
export AWS_SECRET_ACCESS_KEY=bar1
export KOPS_STATE_STORE=s3://aws-account-kops-bucket-1
aws_cluster_acct_2.env:
export AWS_ACCESS_KEY_ID=foo2
export AWS_SECRET_ACCESS_KEY=bar2
export KOPS_STATE_STORE=s3://aws-account-kops-bucket-2
Now when you want to switch between KOPS clusters in different AWS accounts, you can run either source aws_cluster_acct_1.env or source aws_cluster_acct_2.env and that will load up the appropriate environment variables for you to start doing stuff with either AWS account's KOPS clusters.
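The env-file switch described above, wrapped in a guard, as an added example that is not part of the original answer or of kops: it refuses an env file that group or others can access (the file holds a plaintext secret key) and clears the previous account's variables before loading the new ones. The function name `kops_use_account` is hypothetical; `AWS_SESSION_TOKEN` and `AWS_PROFILE` are standard AWS variables cleared here on the assumption that a stale value could otherwise be mixed with the new account's key pair.

```shell
# Added example: guarded account switch for the env-file approach.
# kops_use_account is a hypothetical helper name, not a kops command.
kops_use_account() {
    _kua_file=$1
    # "." searches PATH for names without a slash, so anchor bare names.
    case "$_kua_file" in
        */*) ;;
        *) _kua_file=./$_kua_file ;;
    esac
    if [ ! -f "$_kua_file" ]; then
        echo "kops_use_account: no such file: $_kua_file" >&2
        return 1
    fi
    # The file holds a long-lived secret key: refuse it if group or others
    # have any permission bit set (expected mode is 600 or 400).
    _kua_perms=$(ls -ld -- "$_kua_file" | cut -c5-10)
    if [ "$_kua_perms" != "------" ]; then
        echo "kops_use_account: $_kua_file is open to group/others; chmod 600 it" >&2
        return 1
    fi
    # Drop everything left over from the previous account before loading,
    # so credentials and state store always come from the same file.
    unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN \
          AWS_PROFILE KOPS_STATE_STORE
    . "$_kua_file"
    # Require a key pair and an s3:// state store; otherwise leave nothing set.
    _kua_ok=yes
    [ -n "${AWS_ACCESS_KEY_ID:-}" ] || _kua_ok=no
    [ -n "${AWS_SECRET_ACCESS_KEY:-}" ] || _kua_ok=no
    case "${KOPS_STATE_STORE:-}" in
        s3://?*) ;;
        *) _kua_ok=no ;;
    esac
    if [ "$_kua_ok" != yes ]; then
        unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY KOPS_STATE_STORE
        echo "kops_use_account: $_kua_file is missing a required variable" >&2
        return 1
    fi
    # Print only the state store, never the key material.
    echo "kops state store: $KOPS_STATE_STORE"
}
```

Define the function in the current shell (for example from your shell profile) and call `kops_use_account aws_cluster_acct_1.env` in place of the bare `source`; it must run in the current shell, not a subshell, for the exports to take effect.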