Configuration
Run depot cfg to run the interactive quickstart configuration. Enter details (leaving blank if not yet relevant) for:
- AWS Profile name (e.g. my-aws-dev-profile)
- Depot Project Name (blank if none yet)
- Depot environment ID (blank if none yet)
The AWS profile name you choose will be the default for all commands that interact with AWS, unless you override it with the --awsprofile argument.
Once complete, a Depot CLI configuration file is created in your HOME directory at ~/.depotrc.
For SSO AWS named profiles (e.g. via Okta) you should have a configuration that looks something like the following:
[default]
region=eu-west-1
output=json
[profile sso-ws-build]
sso_start_url = https://d-123456abcd.awsapps.com/start#
sso_region = eu-west-1
sso_account_id = 123456789012
sso_role_name = example-dev
region = eu-west-1
output = json
Depot CLI commands with AWS integration will then be invoked with the --awsprofile argument set to the relevant SSO named profile. E.g. sso-ws-build in the above configuration.
Avoid using the AWS_PROFILE environment variable when using an SSO named profile. This could potentially cause issues with the Depot CLI's use of AWS clients to interact with AWS.
AWS Regions
If your Depot environment lives in a different region to the default you usually work with, use the AWS_REGION environment variable when working with Depot CLI.
For example, if you have a Depot environment deployed to the us-east-1 region, you can use export AWS_REGION=us-east-1 in your shell session when working with Depot CLI.
If you use an 'access' style AWS profile for assuming AWS roles in other accounts, make sure you
duplicate those credentials into a default named profile block in your ~/.aws/credentials file.
For example:
[companyaccess]
aws_access_key_id = SPECIFIC_ACCESS_KEY_HERE
aws_secret_access_key = SPECIFIC_SECRET_ACCESS_KEY_HERE
[default]
aws_access_key_id = SPECIFIC_ACCESS_KEY_HERE
aws_secret_access_key = SPECIFIC_SECRET_ACCESS_KEY_HERE
This is especially relevant if you notice and AWS credential chain related errors when trying
to run Depot CLI commands that use the --awsprofile argument which interact with AWS.
Setting Credentials
For creating projects, the CLI requires permissions to create repositories in your GitHub account
If you don’t have one, generate a new GitHub personal access token
Ensure the token has permissions for workflow, write:packages, repo.* and read:org
Set an environment variable with the name GITHUB_TOKEN to store your token. Alternatively, you can specify the token for relevant commands using the --github argument.
For interacting with data, the CLI requires access to your AWS account. Either install and configure the AWS CLI or create your AWS configuration manually. The Depot CLI will automatically use your AWS credentials based on a named profile configuration. As explained above, these will be chosen based on your configured default Depot AWS profile name, or via command --awsprofile argument override.
Profiles
The CLI can store the following configuration variables in a local profile to remove the need to specify them for every command:
- AWS profile name - be sure that this matches the relevant AWS named profile when you want to work in a specific AWS account that your Depot environment(s) live in.
- Depot project name
- Depot environment id
Use the configure command to save these values in your default profile.
You can also create multiple profiles using the set-profile <profile-name> command followed by configure. Use any name consisting of numbers, letters, underscores and hyphens. The default profile can be accessed using set-profile default.
Your configuration is stored in a file called .depotrc in your user HOME directory. If you are using multiple AWS accounts, it’s safer to specify the account separately for each command using the switch --awsprofile my-profile-name.