Minor docs updates
castrapel committed Mar 2, 2023
1 parent c6e449e commit a53e5c0
Showing 2 changed files with 8 additions and 42 deletions.
43 changes: 4 additions & 39 deletions docs/web/docs/1-getting_started/2-aws.mdx
Expand Up @@ -30,51 +30,17 @@ You will then practice using IAMbic to to create, manipulate, and expire a test
* Administrative-level access to AWS in order to create and manage IAM identities. This level of access is required to create an IAM identity for the use of IAMbic and also to manage policies associated with it.

* These credentials should be configured in the terminal you are using to configure IAMbic.
<!-- #TODO which credentials? For our admin-level access? We should say that explicitly to tie together the concepts: "these administrative credentials..." -->

* You should also be aware of [how AWS credentials are sourced locally](https://docs.aws.amazon.com/sdkref/latest/guide/standardized-credentials.html#credentialProviderChain) by the Amazon SDKs. This will help debug different scenarios, such as credential prioritization and expiration.


## Setup

### 1. Configure IAMbic for AWS

<!-- ### 1.1 Obtain AWS Credentials

You need AWS credentials to perform subsquent steps.

First, create a Hub Role for IAMbic. The Hub Role is the role that IAMbic uses directly

#### Hub Role Policy

```json
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"sts:assumerole",
"sts:tagsession"
],
"Effect": "Allow",
"Resource": [
"arn:aws:iam::*:role/IambicSpokeRole"
]
}
]
}
```

#TODO: Define Hub and Spoke Role Permissions

You need AWS credentials with an appropriate level of permissions before proceeding. IAMbic works on a Hub-and-Spoke model across multiple AWS accounts. It is assumed that you are running IAMbic with direct access with the equivalent of Hub role permissions. We recommend using an IAM role or an AWS SSO permission set as the credentials of these identities are temporary. The use of IAM user should be avoided, if possible. -->
Configure IAMbic by creating a local git repository and running `iambic setup`. For more specific guidance, please read our [Install and Configure](/getting_started/install_and_configure) guide.

<!-- 1.1.1 Option A: Create an AWS IAM Role

https://docs.aws.amazon.com/IAM/latest/UserGuide/id\_roles\_create.html

1.1.2 Option B: Create an AWS SSO Permission Set

https://docs.aws.amazon.com/singlesignon/latest/userguide/howtocreatepermissionset.html  -->
If you'd prefer to manually write a configuration, please follow the steps below.

#### Write a configuration

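Review bot: dropping the commented-out Hub Role policy and the hub-and-spoke credential guidance (the `sts:assumerole`/`sts:tagsession` statement scoped to `arn:aws:iam::*:role/IambicSpokeRole`, and the recommendation to prefer an IAM role or SSO permission set over a long-lived IAM user) leaves the prerequisites saying only "Administrative-level access" without ever stating what the hub identity actually needs; if that material is not ready to publish, keep at least a one-line pointer to where hub and spoke permissions are documented so readers can scope least privilege instead of defaulting to admin. The removed `#TODO which credentials?` reminder was also never resolved: `* These credentials should be configured in the terminal you are using to configure IAMbic.` still does not say it means the administrative credentials from the preceding bullet. Minor: the hunk header context still carries the typo `using IAMbic to to create`.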
Expand Down Expand Up @@ -113,7 +79,6 @@ aws:

Write the finished config file to `config/config/yaml` in your `iambic-templates` repository. Once this is written to disk, your repository should resemble this folder structure:

<!-- #TODO config/config/yaml or config/config.yaml? Also below. Is there conflict if -->

```bash
$ tree
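Review bot: the deleted `#TODO config/config/yaml or config/config.yaml?` note raised a real question that this hunk does not answer: the surrounding text still reads `Write the finished config file to `config/config/yaml``, which looks like a path typo for `config/config.yaml` (and the TODO says the same form appears again below). Suggest correcting the path in this commit rather than only removing the reminder.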
Expand All @@ -137,7 +102,7 @@ aws:
accounts:
- account_name: "main"
account_id: "123456789012"
# aws_profile: 'profile_name' # Optional. If not provided, the default profile will be used
# aws_profile: 'profile_name' # Optional. If not provided, the default profile will be used. if the AWS_PROFILE environment variable is specified, it will be used.
# assume_role_arn: 'arn:aws:iam::123456:role/IambicSpokeRole' # Optional. The role assumed using credentials provided by `aws_profile`
```

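Review bot: the new `aws_profile` comment leaves precedence ambiguous: when both `aws_profile` in the config and the `AWS_PROFILE` environment variable are set, a reader cannot tell which one wins, and that decides which credentials IAMbic uses to assume `IambicSpokeRole`. State the order explicitly, e.g. `# Optional. Defaults to $AWS_PROFILE if set, otherwise the default profile` (or the reverse, whichever the code does). Also capitalise `if the AWS_PROFILE` mid-sentence, and the unchanged `assume_role_arn` example uses a 6-digit account id (`123456`) beside the 12-digit `account_id` above; a 12-digit placeholder avoids copy-paste confusion.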
7 changes: 4 additions & 3 deletions iambic/config/wizard.py
Expand Up @@ -11,6 +11,7 @@
import botocore
import questionary
from botocore.exceptions import ClientError, NoCredentialsError

from iambic.config.dynamic_config import (
CURRENT_IAMBIC_VERSION,
Config,
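Review bot: style only; the added blank line separates the third-party `botocore`/`questionary` imports from the first-party `iambic` block, matching isort's default grouping. Nothing else to flag here.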
Expand Down Expand Up @@ -245,9 +246,9 @@ def __init__(self, repo_dir: str):
identity_arn = get_identity_arn(default_caller_identity)
if questionary.confirm(
f"IAMbic detected you are using {identity_arn} for AWS access.\n"
f"This role will require the ability to create"
f"This identity will require the ability to create"
f"CloudFormation stacks, stack sets, and stack set instances.\n"
f"Would you like to use this role?"
f"Would you like to use this identity?"
).ask():
self.caller_identity = default_caller_identity
else:
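Review bot: the reworded line is still missing its trailing space, so the adjacent literals concatenate to `...ability to createCloudFormation stacks...` in the prompt shown to the user. Change `f"This identity will require the ability to create"` to `f"This identity will require the ability to create "` (the sibling message in `set_aws_profile_name` below already has the space).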
Expand Down Expand Up @@ -347,7 +348,7 @@ def set_aws_profile_name(
f"Unable to detect default AWS credentials or "
f"they are not for the Hub Account ({self.hub_account_id}).\n"
f"Please specify the profile to use with access to the Hub Account.\n"
f"This role will require the ability to create "
f"This identity will require the ability to create "
f"CloudFormation stacks, stack sets, and stack set instances."
)

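Review bot: this copy of the message keeps the trailing space, so it renders correctly; the remaining nit is that the placeholder-free pieces still carry an `f` prefix (e.g. `f"CloudFormation stacks, stack sets, and stack set instances."`), which flake8 reports as F541. Drop the prefix on those pieces, or factor the two near-identical messages into one shared constant so the wording stays in sync.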
