Escalator
Escalator is a self-service tool for Marqo engineers to grant themselves admin access to prod environments as needed.
The safety of prod AWS accounts is business critical. Rather than engineers always having admin access, it should be automatically provisioned as needed and revoked soon after. Each request recorded with a justification, and all access changes leave a clear audit.
Usageโ
Developmentโ
Before you start, configure AWS CLI to access the escalator AWS account where Escalator is deployed. Set up your ~/.aws/config file to look something like this:
[profile escalator]
sso_session = sso
sso_account_id = 992382409372
sso_role_name = AdministratorAccess
region = us-east-1
credential_process = aws configure export-credentials --profile escalator
sso_start_url = https://d-9067a2ad56.awsapps.com/start#
[sso-session sso]
sso_start_url = https://d-9067a2ad56.awsapps.com/start#
sso_region = us-east-1
sso_registration_scopes = sso:account:access
Then log in to the AWS SSO portal and run the following command to get your credentials:
aws sso login --sso-session sso
Now you can run the following commands:
pip install -r requirements.dev.txt
invoke build
invoke run
invoke deploy