How to Substrate
Substrate makes magic with your identity provider, AWS and Terraform
Installing in 1, 2, 3
Bootstrap
Open a fresh AWS account. Don't worry we can adopt any existing accounts later.
Run:
substrate setupand it will start configuring AWS accounts and environments for you and install the Substrate intranet in a Substrate-managed AWS account.Integrate with your identity provider for credentials and roles. We support Azure Active Directory, Google Workspace and Okta.
Create Accounts and roles for your environments and domains
Create new accounts and environments with
substrate account createYou can easily create separate environments for development, staging and production.
You can use substrate domains to separate services within an environment.
Create AWS IAM roles with
substrate role createand use your identity provider to assign the role to people and teams.
Start your day with 12 hour temporary credentials by running:
eval $(substrate credentials)to authenticate with AWS and the Substrate intranet via your identity provider.Access any authorized AWS accounts or roles in your terminal with
substrate assume-roleand get to work.Use the Substrate intranet to access the AWS console for any authorized account in your organization.
Run Terraform, the AWS CLI, etc as whatever role you need.
How do I do with Substrate?
Authenticate your terminal at the start of the day
eval $(substrate credentials)
This grants temporary credentials (12 hours) and stores them in your environment and/or macOS keychain.
Assume roles to move between AWS accounts
substrate assume-role —domain app —environment staging aws ec2 describe-instances
This runs an aws cli command in a specific AWS account specified with the -domain and -environment flags.
Create an AWS account
substrate account create —domain app —environment staging
This will create a new AWS account with the domain 'app' in the 'staging' environment.
Create an AWS IAM role
substrate role create —role Eng
This will create a new IAM Role called Eng.
For a detailed understanding, please refer to the Substrate documentation.