AWS
How do I get access?
Ask in the #team-infrastructure
Slack channel for someone to add you.
To give someone access (important to follow these steps!):
- navigate to IAM
- Use the
Add Users
button at the top right to add their PostHog email as username and select 'password'. - Important! Untick 'User must create a new password at next sign-in', as that'll cause issues with MFA.
- Pick
AWS Management Console access
and add them to theTeam
group - Slack the username, password and console link to new user.
- User has to log in, set up MFA, log out, and then change password. They may need to log out again.
IMPORTANT: You must log out and then log back in!
This is because of MFA. Just adding MFA isn't quite enough for AWS console so if you are seeing a bunch of really weird permissions errors. Log out, then log back in using your MFA token. This should resolve everything!
Permissions errors using AWS CLI
If you see something like:
<my-user> is not authorized to perform: <action> on resource: <resource> with an explicit deny
Note the "with an explicit deny" in the end which likely is due to the fact that we force Multi-Factor Authentication (MFA). Follow this guide to use a session token.
TLDR:
- Look up your security credential MFA device name from AWS console from
https://console.aws.amazon.com/iam/home#/users/<user-name>?section=security_credentials
- Run
aws sts get-session-token --serial-number <arn-of-the-mfa-device> --token-code <code-from-token> --duration 129600
wherecode-from-token
is the same code you'd use to login to the AWS console (e.g. from Authy app). - Run the following code, replacing the placeholder values with the appropriate ones:
export AWS_ACCESS_KEY_ID=example-access-key-as-in-previous-outputexport AWS_SECRET_ACCESS_KEY=example-secret-access-key-as-in-previous-outputexport AWS_SESSION_TOKEN=example-session-token-as-in-previous-output
- Unset them when done (after they expire before running
get-session-token
again):
unset AWS_ACCESS_KEY_ID && unset AWS_SECRET_ACCESS_KEY && unset AWS_SESSION_TOKEN
Deploying PostHog
See docs here.
GCP
How do I get access?
Ask in the #team-infrastructure
Slack channel for someone to add you.
To give someone access: Navigate to PostHog project IAM and use the +Add
button at the top to add their PostHog email address and toggle Basic
-> Editor
role.
Deploying PostHog
See docs here.
DigitalOcean
How do I get access?
Ask in the #team-infrastructure
Slack channel for someone to add you.
To give someone access: navigate to PostHog team settings page and use the Invite Members
button to add their PostHog email address.
Edit 1-Click app info
This can be done in the vendor portal, click on PostHog
with Approved status to edit the listing.
The code and setup files are in digitalocean/marketplace-kubernetes repository.
Deploying PostHog
See docs here.