Quickstart¶
Deploy DCE and lease an account quickly using the DCE CLI.
Download the appropriate executable for your OS from the latest release. e.g. for mac, you should download dce_darwin_amd64.zip
Unzip and move the executable to a directory on your PATH, e.g.
# Download the zip file curl -L -o dce_darwin_amd64.zip https://github.com/Optum/dce-cli/releases/latest/download/dce_darwin_amd64.zip # Unzip to a directory on your path unzip dce_darwin_amd64.zip -d /usr/local/bin
Type
dce init
. Leave all fields blank for now.Deploy DCE using IAM Credentials that have AdministratorAccess
export AWS_ACCESS_KEY_ID=XXXXXXXXXX export AWS_SECRET_ACCESS_KEY=XXXXXXXXXXXXXXXXXXXX dce system deploy
Retrieve the DCE API url from API Gateway in your master account, and add it to the dce config file, e.g.
api: host: abcdefghij.execute-api.us-east-1.amazonaws.com basepath: /api region: us-east-1
Prepare a second AWS account to be your first “DCE Child Account”.
Create an IAM role with
AdministratorAccess
and a trust relationship to your DCE Master AccountsCreate an account alias in the IAM dashboard or using the AWS CLI command
aws iam create-account-alias --account-alias examplealias
Add your child account to the accounts pool
dce accounts add --account-id <child-account-id> --admin-role-arn <child-account-cross-account-role-arn>
Wait until the child account
accountStatus
isReady
dce accounts list [ { "accountStatus": "Ready", "adminRoleArn": "arn:aws:iam::555555555555:role/DCEMasterAccess", "createdOn": 1575485630, "id": "775788068104", "lastModifiedOn": 1575485630, "principalPolicyHash": "\"bc5872b50475b186afea67ff47516a8f\"", "principalRoleArn": "arn:aws:iam::775788768154:role/DCEPrincipal-quickstart" } ]
Lease your child account
dce leases create --budget-amount 100.0 --budget-currency USD --email jane.doe@email.com --principal-id quickstartuser
Log in to your leased account using the
--open-browser
flag to open the AWS Console in your default web browser. See the howto guide for more login options.dce leases login --open-browser <lease-id>