ConsoleMe
GitHub
  • About
  • Architecture
  • Features
    • Credentials
      • AWS Console Login
      • AWS Credential Broker
    • Policy Management
      • Policies View
      • Policy Editor for IAM, SQS, SNS, and S3
      • Self-Service IAM Wizard
      • Policy Request - Review Page
      • Role Creation and Cloning
  • Demo
  • Quick Start
    • Docker
    • Local
  • Prerequisites
    • Required IAM Permissions
      • Central Account
      • Spoke Accounts
  • Configuration
    • Web App Authentication and Authorization
      • Local Development (Auth bypass)
      • ALB Auth (Recommended)
      • Retrieving Google Groups
      • OIDC/OAuth2
        • Cognito
        • Okta
      • SAML
      • Plain-Text Headers
    • Role Credential Authorization
      • Role Tags
        • Role Tagging Service Control Policy (Recommended)
      • Role Authorization through Dynamic Configuration
      • Custom Authorization (Internal Plugin)
    • Account Syncing
    • Metrics
    • Dynamic Configuration
    • AWS Resource Syncing
    • CLI Authentication
    • Sending email through SES
    • AWS Secret Manager Integration
    • CloudTrail Integration via AWS Event Bridge
    • Slack Notifications
  • Celery Tasks
    • Celery Flower
  • Development Guide
    • UI Components
    • Managing Dependencies
  • Deployment Strategies
  • Contributing
  • FAQ
  • License
  • Security
  • Weep CLI
    • Getting Started with Weep
    • AWS Credentials in the CLI using Weep and ConsoleMe
    • Configuration
    • Commands
      • List
      • Serve
      • Export
      • File
      • Credential Process
    • Assuming Roles
    • Advanced Configuration
      • Routing for Metadata Service
      • Shell Completion
Powered by GitBook
On this page
  • MacOS
  • Linux
  • Browse to ConsoleMe
  • Create your Configuration

Was this helpful?

  1. Quick Start

Local

Provides instructions for getting ConsoleMe up and running locally.

PreviousDockerNextPrerequisites

Last updated 3 years ago

Was this helpful?

ConsoleMe requires Python 3.8 or above. Install , , and _**_on your system, consider following , then clone ConsoleMe locally in a directory of your choosing via HTTP or SSH:

MacOS

# Install Python, Yarn, libxmlsec1, and other dependencies
brew install python@3.8 yarn pkgconfig libxmlsec1

# XCode Command-Line Tools
xcode-select --install

Linux

Ubuntu disco/19.04+, Debian buster/10+

# Additional dependencies
sudo apt-get install build-essential libxml2-dev libxmlsec1 libxmlsec1-dev libxmlsec1-openssl musl-dev libcurl4-nss-dev python3-dev pkg-config -y
# Nodejs/Yarn (Frontend dependencies)
curl -sL https://deb.nodesource.com/setup_14.x | sudo bash
sudo apt-get install -y nodejs
sudo npm install yarn -g

Clone the ConsoleMe repo

Clone ConsoleMe locally in a directory of your choosing:

# If you have a fork, you'll want to clone it instead
git clone https://github.com/Netflix/consoleme.git ; cd consoleme
# OR # 
git clone git@github.com:Netflix/consoleme.git ; cd consoleme

Start Redis and DynamoDB containers

A local set of Redis and DynamoDB (local) instances need to be set up. These are provided as Docker containers. In a separate terminal window, start the local Redis and dynamodb instances:

docker-compose -f docker-compose-dependencies.yaml up -d

Get access to administrative credentials on your account

After you have ConsoleMe set up, you should no longer need IAM user credentials. Please set a reminder to delete these when you're done with them.

Make a virtual environment and run the installation script

In repo root run make install. Ensure that you have valid AWS credentials so that ConsoleMe can cache your resources.

# Make a Python 3.8 Virtual Environment using your preferred method. Here's a standard way of doing it:
python3 -m venv env
. env/bin/activate

# Ensure that you have valid AWS credentials before running `make install`
make install

# The `make install` step runs the following commands, and attempts to create local dynamo tables:
#
# pip install -r requirements.txt -r requirements-test.txt -e .
# yarn --cwd ui
# yarn --cwd ui build:prod
# python scripts/initialize_dynamodb_oss.py
# python scripts/initialize_redis_oss.py

Run ConsoleMe's backend with the default configuration

# Run ConsoleMe
python consoleme/__main__.py
# You should be able to visit Consoleme's Web UI at http://localhost:8081
# (Optional) Run ConsoleMe's UI through Yarn for local UI development
cd ui ; yarn start
# If you follow this step, you should be able to see the UI at http://localhost:3000
# (Optional) Run Celery for local development
cd /home/service/consoleme ; celery -A consoleme.celery_tasks.celery_tasks worker -l DEBUG -B -E --concurrency=8
# If you follow this step, you should be able to see Celery is running

ConsoleMe requires Python 3.8+. If your virtualenv was installed under Python2.x this will blow up. You can usually fix this by uninstalling and reinstalling under python3.x by removing your existing virtualenv and creating a new one with Python 3: python3 -m venv env. When the make install command is running, it will install all the dependencies, and it will also run ConsoleMe Celery tasks to populate its Redis cache if necessary. This also updates the local DynamoDB instance, which persists data on disk. This command will need to be run anytime you want to update your local cache. In a production environment, you'd be running Celery, which has scheduled tasks that would update your resource cache automatically.

Browse to ConsoleMe

Create your Configuration

For an initial setup, we advise making an IAM user with sufficient privileges to allow ConsoleMe to sync your IAM roles, S3 buckets, SQS queues, SNS topics, and AWS Config data. Sections below outline the required permissions. See for configuring your user credentials.

For local, unauthenticated development, the default configuration ( ) will override the user you are authenticated as for development.

You should now be able to access the ConsoleMe web UI at (Or if you ran cd ui ; yarn start).

You'll notice that you're unable to access any IAM roles with the default configuration. You'll need to follow the guidance under to grant access to role credentials to your users and/or the groups they are members of.

At this point, you'll want to configure ConsoleMe to suit your needs. Read up on ConsoleMe can be configured to . We have a script that can help you generate your ConsoleMe configuration. Read more about that in our .

Then, set the CONFIG_LOCATION environment variable to the full path of your configuration file, or copy the configuration to one of the locations ConsoleMe will load from (described ).

git
docker
docker-compose
Docker's post-installation steps for Linux
this page
example_config/example_config_development.yaml
http://localhost:8081/
http://localhost:3000
Role Credential Authorization
ConsoleMe’s yaml configuration.
authenticate your users via SAML, OIDC, header authentication, or it can bypass authentication altogether
Configuration FAQ
here