# Cloud Provider Iam Check

The **pf9cp** CLI helps users check IAM access and confirm prerequisites for AWS. The CLI works by connecting to the target cloud using the same credentials as the Cloud Provider and validates if the credentials provided have the required access for Platform9 to build and manage clusters.

The pf9cp CLI supports Windows 10, macOS, CentOS 7.X and Ubuntu 18.04 / 20.04

## **Install on Linux & macOS**

From the command line of your machine, run the following to download and install the CLI tool.

{% tabs %}
{% tab title="Bash" %}

```bash
bash <(curl -sL https://pmkft-assets.s3.us-west-1.amazonaws.com/IAM_Checker/pf9cp_setup)
```

{% endtab %}
{% endtabs %}

Successful installation should look like:

{% tabs %}
{% tab title="Bash" %}

```bash
$ bash <(curl -sL https://pmkft-assets.s3.us-west-1.amazonaws.com/IAM_Checker/pf9cp_setup)
 ____  _       _    __                      ___
|  _ \| | __ _| |_ / _| ___  _ __ _ __ ___ / _ \
| |_) | |/ _` | __| |_ / _ \| '__| '_ ` _ \ (_) |
|  __/| | (_| | |_|  _| (_) | |  | | | | | \__, |
|_|   |_|\__,_|\__|_|  \___/|_|  |_| |_| |_| /_/

19:24:01:11 : Initializing: /Users/anmols/pf9
19:24:01:11 : Ensuring /Users/anmols/pf9/bin exists
19:24:01:11 : Ensuring /Users/anmols/pf9/db exists
19:24:01:11 : Ensuring /Users/anmols/pf9/log exists
19:24:01:11 : Ensuring /Users/anmols/pf9/log/cli_install.log exists
Note: SUDO access required to run Platform9 CLI.
      You might be prompted for your SUDO password.

Downloading Platform9 CLI binary...
Password:

Platform9 CLI binary downloaded.

Installing Platform9 CLI...

19:24:09:11 : Platform9 CLI installation completed successfully.
Platform9 CLI installation completed successfully !

To start testing providers type:
        pf9cp help
```

{% endtab %}
{% endtabs %}

## **Install On Windows**

Download the CLI from one of the links below that match your configuration.

* For windows-32 : <https://pmkft-assets.s3.us-west-1.amazonaws.com/IAM_Checker/pf9cp-win32.exe>
* For windows-64 : <https://pmkft-assets.s3.us-west-1.amazonaws.com/IAM_Checker/pf9cp-win64.exe>

If using Windows, ensure that the downloaded exe file is located in a folder that is on the PATH environment variable. You can accomplish this by either copying it into a folder that's already on the PATH or by adding your folder to the PATH.

For example:

* Create a folder named pf9 in C drive.
* Copy the downloaded pf9cp-win64.exe to the C:\pf9 folder. Rename the file to pf9cp for convenience.
* Add C:\pf9 folder to your path by doing the following:
* Type Edit the system environment variables
  * Open the option Edit the system environment variables
  * Click Environment variables... button
  * Under the System Variables box, find Path variable
  * Click Edit
  * A window pops up, click New
  * Type the C:\pf9 in it.
  * Click OK on all open windows and restart the command prompt to use it.

<figure><img src="https://584068516-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtZryvDiHvZIhOZofYOWU%2Fuploads%2Fgit-blob-b2435effe3693c9ae1a7e35897daeb55a550e137%2F1634562094.png?alt=media" alt=""><figcaption></figcaption></figure>

## PF9CP CLI Commands

### Syntax Example

{% tabs %}
{% tab title="Bash" %}

```bash
pf9cp [command]
```

{% endtab %}
{% endtabs %}

### All Available Commands and Flags

{% tabs %}
{% tab title="Bash" %}

```bash
$ pf9cp help             
CLI tool for Platform9 cloud provider checks.

Usage:
  pf9cp [command]

Available Commands:
  check-amazon-provider checks if user has amazon cloud permission
  help                  Help about any command

Flags:
  -h, --help      help for pf9cp
      --verbose   print verbose logs

Use "pf9cp [command] --help" for more information about a command.
```

{% endtab %}
{% endtabs %}

### Command Examples

#### Command: check-amazon-provider

This command checks if a user have the appropriate Amazon cloud permissions.

{% tabs %}
{% tab title="Bash" %}

```bash
$ pf9cp check-amazon-provider --help
Checks if user has the correct permissions to use the amazon cloud provider

Usage:
  pf9cp check-amazon-provider [flags]

Flags:
  -a, --access_key string   sets the access key (required)
  -h, --help                help for check-amazon-provider
  -i, --iam_user string     sets the iam user (required)
  -r, --region string       sets the region (default "us-east-1")
  -s, --secret_key string   sets the secret key (required)

Global Flags:
      --verbose   print verbose logs
```

{% endtab %}
{% endtabs %}

Follow this link to get your AWS access key and secret key if you do not have them: <https://docs.aws.amazon.com/powershell/latest/userguide/pstools-appendix-sign-up.html>

A successful command effort should look like:

{% tabs %}
{% tab title="Bash" %}

```bash
$ pf9cp check-amazon-provider -i iamUser -a access-key -s secret-key -r us-east-1

✓ ELB Access
✓ Route53 Access
✓ Availability Zones success
✓ EC2 Access
✓ VPC Access
✓ IAM Access
✓ Autoscaling Access
✓ EKS Access
```

{% endtab %}
{% endtabs %}