Remove unnecessary references to AWS_ACCESS_KEY_ID (#2056)

Author: deliahu

CONTRIBUTING.md

@@ -132,8 +132,8 @@ Create `dev/config/env.sh` with the following information:
 
 export AWS_ACCOUNT_ID="***"  # you can find your account ID in the AWS web console; here is an example: 764403040417
 export AWS_REGION="***"  # you can use any AWS region you'd like, e.g. "us-west-2"
-export AWS_ACCESS_KEY_ID="***"
-export AWS_SECRET_ACCESS_KEY="***"
+export AWS_ACCESS_KEY_ID="***"  # alternatively, you can remove this to use the default credentials chain on your machine
+export AWS_SECRET_ACCESS_KEY="***"  # alternatively, you can remove this to use the default credentials chain on your machine
 
 # export NUM_BUILD_PROCS=2  # optional; can be >2 if you have enough memory
 ```

cli/cmd/cluster.go

@@ -742,12 +742,8 @@ func printInfoOperatorResponse(clusterConfig clusterconfig.Config, operatorEndpo
 	}
 	infoResponse.ClusterConfig.Config = clusterConfig
 
-	fmt.Println(console.Bold("metadata:"))
-	fmt.Println(fmt.Sprintf("aws access key id: %s", infoResponse.MaskedAWSAccessKeyID))
-	fmt.Println(fmt.Sprintf("%s: %s", clusterconfig.APIVersionUserKey, infoResponse.ClusterConfig.APIVersion))
-
-	fmt.Println()
 	fmt.Println(console.Bold("cluster config:"))
+	fmt.Println(fmt.Sprintf("%s: %s", clusterconfig.APIVersionUserKey, infoResponse.ClusterConfig.APIVersion))
 	fmt.Print(yamlString)
 
 	printInfoPricing(infoResponse, clusterConfig)

cli/types/cliconfig/config_key.go

@@ -21,6 +21,4 @@ const (
 	DefaultEnvironmentKey = "default_environment"
 	NameKey               = "name"
 	OperatorEndpointKey   = "operator_endpoint"
-	AWSAccessKeyIDKey     = "aws_access_key_id"
-	AWSSecretAccessKeyKey = "aws_secret_access_key"
 )

dev/operator_local.sh

@@ -64,8 +64,6 @@ ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")"/.. >/dev/null && pwd)"
 eval $(python3 $ROOT/manager/cluster_config_env.py "$ROOT/dev/config/cluster.yaml")
 
 export CORTEX_DEV_DEFAULT_IMAGE_REGISTRY="$CORTEX_DEV_DEFAULT_IMAGE_REGISTRY"
-export CLUSTER_AWS_ACCESS_KEY_ID="${CLUSTER_AWS_ACCESS_KEY_ID:-$AWS_ACCESS_KEY_ID}"
-export CLUSTER_AWS_SECRET_ACCESS_KEY="${CLUSTER_AWS_SECRET_ACCESS_KEY:-$AWS_SECRET_ACCESS_KEY}"
 
 python3 $ROOT/dev/update_cli_config.py "$HOME/.cortex/cli.yaml" "${CORTEX_CLUSTER_NAME}" "http://localhost:8888"
 

docs/clusters/management/auth.md

@@ -16,7 +16,7 @@ AWS credentials required to authenticate cortex client requests to the operator
 
 ### Cluster management
 
-It is recommended that your AWS credentials have AdminstratorAccess before running `cortex cluster *` commands.
+It is recommended that your AWS credentials have AdministratorAccess before running `cortex cluster *` commands.
 
 After spinning up a cluster using `cortex cluster up`, the IAM entity user or role that created the cluster is automatically granted `system:masters` permission to the cluster's RBAC. Make sure to keep track of which IAM entity originally created the cluster.
 

docs/clusters/management/delete.md

@@ -12,10 +12,6 @@ Prometheus volume are not automatically deleted when running `cortex cluster dow
 To delete them:
 
 ```bash
-# set AWS credentials
-export AWS_ACCESS_KEY_ID=***
-export AWS_SECRET_ACCESS_KEY=***
-
 # identify the name of your cortex S3 bucket
 aws s3 ls
 

docs/workloads/async/example.md

@@ -37,11 +37,7 @@ labels = ["setosa", "versicolor", "virginica"]
 
 class PythonPredictor:
     def __init__(self, config):
-        if os.environ.get("AWS_ACCESS_KEY_ID"):
-            s3 = boto3.client("s3")  # client will use your credentials if available
-        else:
-            s3 = boto3.client("s3", config=Config(signature_version=UNSIGNED))  # anonymous client
-
+        s3 = boto3.client("s3")
         s3.download_file(config["bucket"], config["key"], "/tmp/model.pkl")
         self.model = pickle.load(open("/tmp/model.pkl", "rb"))
 
@@ -59,7 +55,7 @@ class PythonPredictor:
         return {"label": labels[label_id]}
 ```
 
-```
+```python
 # requirements.txt
 
 boto3

docs/workloads/dependencies/images.md

@@ -75,8 +75,6 @@ For example, to use ECR, first create a repository to store your image:
 # We create a repository in ECR
 
 export AWS_REGION="***"
-export AWS_ACCESS_KEY_ID="***"
-export AWS_SECRET_ACCESS_KEY="***"
 export REGISTRY_URL="***"  # this will be in the format "<aws_account_id>.dkr.ecr.<aws_region>.amazonaws.com"
 
 aws ecr get-login-password --region $AWS_REGION | docker login --username AWS --password-stdin $REGISTRY_URL

manager/install.sh

@@ -38,7 +38,6 @@ function cluster_up() {
 
   echo -n "￮ updating cluster configuration "
   setup_configmap
-  setup_secrets
   echo "✓"
 
   echo -n "￮ configuring networking (this might take a few minutes) "
@@ -93,7 +92,6 @@ function cluster_configure() {
 
   echo -n "￮ updating cluster configuration "
   setup_configmap
-  setup_secrets
   echo "✓"
 
   # this is necessary since max_instances may have been updated
@@ -218,13 +216,6 @@ function setup_configmap() {
     -o yaml --dry-run=client | kubectl apply -f - >/dev/null
 }
 
-function setup_secrets() {
-  kubectl -n=default create secret generic 'aws-credentials' \
-    --from-literal='AWS_ACCESS_KEY_ID'=$CLUSTER_AWS_ACCESS_KEY_ID \
-    --from-literal='AWS_SECRET_ACCESS_KEY'=$CLUSTER_AWS_SECRET_ACCESS_KEY \
-    -o yaml --dry-run=client | kubectl apply -f - >/dev/null
-}
-
 function setup_prometheus() {
   envsubst < manifests/prometheus-operator.yaml | kubectl apply -f - >/dev/null
   envsubst < manifests/prometheus-statsd-exporter.yaml | kubectl apply -f - >/dev/null

pkg/operator/endpoints/info.go

@@ -18,13 +18,11 @@ package endpoints
 
 import (
 	"net/http"
-	"os"
 	"sort"
 	"strings"
 
 	"github.com/cortexlabs/cortex/pkg/lib/aws"
 	"github.com/cortexlabs/cortex/pkg/lib/k8s"
-	s "github.com/cortexlabs/cortex/pkg/lib/strings"
 	"github.com/cortexlabs/cortex/pkg/operator/config"
 	"github.com/cortexlabs/cortex/pkg/operator/schema"
 	"github.com/cortexlabs/cortex/pkg/types/clusterconfig"
@@ -49,10 +47,9 @@ func Info(w http.ResponseWriter, r *http.Request) {
 	}
 
 	response := schema.InfoResponse{
-		MaskedAWSAccessKeyID: s.MaskString(os.Getenv("AWS_ACCESS_KEY_ID"), 4),
-		ClusterConfig:        fullClusterConfig,
-		NodeInfos:            nodeInfos,
-		NumPendingReplicas:   numPendingReplicas,
+		ClusterConfig:      fullClusterConfig,
+		NodeInfos:          nodeInfos,
+		NumPendingReplicas: numPendingReplicas,
 	}
 	respond(w, response)
 }