WEBVTT 00:00.840 --> 00:03.030 -: In the last section, we added in a tremendous amount 00:03.030 --> 00:05.880 of configuration to our travis.yml file. 00:05.880 --> 00:07.290 Now, the last thing we have to add in here 00:07.290 --> 00:10.710 is a set of API keys that are going to give access 00:10.710 --> 00:14.550 to our AWS account over to Travis CI. 00:14.550 --> 00:15.383 The last thing we have to do 00:15.383 --> 00:17.070 is generate that set of API keys 00:17.070 --> 00:20.370 and then enter them into this travis.yml script. 00:20.370 --> 00:21.780 So let's get to it. 00:21.780 --> 00:22.980 I'm going to first get started 00:22.980 --> 00:26.250 by opening up my AWS console again. 00:26.250 --> 00:28.470 I'll then find the services tab at the top 00:28.470 --> 00:31.610 and I'm going to search for IAM. 00:31.610 --> 00:35.310 IAM is a service that is used to manage API keys 00:35.310 --> 00:37.383 that can be used by outside services. 00:38.550 --> 00:40.700 On the left hand side, let me zoom in here, 00:41.790 --> 00:44.040 we're gonna find the section of users 00:44.040 --> 00:47.220 'cause we're essentially gonna get generate a new user 00:47.220 --> 00:49.503 that is going to be used by Travis CI. 00:51.000 --> 00:53.200 Then at the top, I'll find add user 00:54.510 --> 00:56.580 and then I'll provide a username. 00:56.580 --> 00:58.290 So I'll give this a descriptive name, 00:58.290 --> 01:03.283 how about something like Docker React Travis CI? 01:05.520 --> 01:06.690 And then underneath that, 01:06.690 --> 01:09.900 I'm going to give programmatic access only. 01:09.900 --> 01:12.000 The set of API keys that we're gonna generate here 01:12.000 --> 01:14.200 are only going to be used by Travis CI 01:15.150 --> 01:17.010 through network request. 01:17.010 --> 01:19.080 Travis CI is never going to be making direct use 01:19.080 --> 01:20.853 of the AWS Management Console. 01:22.680 --> 01:25.260 Then hit next for permissions. 01:25.260 --> 01:28.770 And then we're going to attach existing policies directly. 01:28.770 --> 01:30.960 So we don't have any other policy groups 01:30.960 --> 01:32.790 or any other existing users. 01:32.790 --> 01:34.953 We're gonna add some direct policies. 01:36.660 --> 01:39.450 Now, these policies right here are essentially permissions. 01:39.450 --> 01:42.180 We are granting permissions to this new user 01:42.180 --> 01:43.320 that we are creating. 01:43.320 --> 01:44.910 So right now, we're essentially listing out 01:44.910 --> 01:47.040 all the different things that this new user 01:47.040 --> 01:49.290 is going to have the ability to do. 01:49.290 --> 01:51.570 In particular, we wanna make sure that this new user 01:51.570 --> 01:53.790 has the ability to deploy our application 01:53.790 --> 01:55.530 to Elastic Beanstalk. 01:55.530 --> 01:58.240 So I'm going to search for Beanstalk 01:59.370 --> 02:02.160 and then I'll see a bunch of different policies 02:02.160 --> 02:05.250 that have been pre-generated by AWS up here. 02:05.250 --> 02:07.230 You can look at the description of each. 02:07.230 --> 02:08.820 By far, the easiest one to use 02:08.820 --> 02:11.253 is Provides Full Access right here. 02:12.660 --> 02:16.050 So I'm going to make sure that I find Provides Full Access, 02:16.050 --> 02:17.910 and I'll go all the way over to the left hand side, 02:17.910 --> 02:19.473 and click on that checkbox, 02:20.940 --> 02:22.803 and then I'll click on Next Review, 02:24.540 --> 02:25.840 and then I'll create user. 02:27.630 --> 02:29.880 So that generates a set of API keys 02:29.880 --> 02:32.970 that can be used by Travis CI to deploy our application. 02:32.970 --> 02:34.230 Now, this is really important. 02:34.230 --> 02:36.840 The secret access key that has been generated 02:36.840 --> 02:40.050 is only going to be shown to you exactly one time. 02:40.050 --> 02:41.700 So when you click on Show right here 02:41.700 --> 02:43.380 and it shows you that API key, 02:43.380 --> 02:45.750 you need to make sure that you write this thing down 02:45.750 --> 02:48.570 because if you want to get access to this key again, 02:48.570 --> 02:49.650 well, you can't. 02:49.650 --> 02:52.413 You would have to regenerate the key entirely. 02:53.310 --> 02:55.680 So we're going to now use the access key ID 02:55.680 --> 02:57.630 and the secret access key. 02:57.630 --> 02:58.890 Now, one quick thing. 02:58.890 --> 03:02.190 We do not want to take those keys directly, our keys, 03:02.190 --> 03:05.100 and put them directly into our travis.yml file. 03:05.100 --> 03:07.710 Remember, right now, our GitHub repository 03:07.710 --> 03:08.970 is entirely public. 03:08.970 --> 03:10.290 So if we put those GitHub... 03:10.290 --> 03:12.630 Or I mean, those AWS keys into our repo 03:12.630 --> 03:15.240 and then push that up to GitHub, everyone in the world 03:15.240 --> 03:17.640 is gonna have access to our AWS account. 03:17.640 --> 03:19.110 And so above all, we're gonna make sure 03:19.110 --> 03:22.260 that we do not put those keys directly in here. 03:22.260 --> 03:24.480 Instead, we're gonna make use of a feature 03:24.480 --> 03:27.963 of environment secrets provided by Travis CI. 03:29.400 --> 03:31.800 So I'm gonna go back over to my Travis dashboard. 03:31.800 --> 03:35.640 Remember, you can get here at travis-ci.org, 03:35.640 --> 03:37.530 and I'm gonna pull up my project. 03:37.530 --> 03:40.410 So again, I called mine Docker React. 03:40.410 --> 03:43.680 Then on the right hand side, I'll find the More Options 03:43.680 --> 03:45.303 and I'll go to Settings. 03:46.320 --> 03:47.940 We can then scroll down a little bit 03:47.940 --> 03:50.640 and find Environment Variables right here. 03:50.640 --> 03:53.310 So this right here is where we are going to stash 03:53.310 --> 03:54.720 those secret keys. 03:54.720 --> 03:57.150 These environment variables are going to be encrypted 03:57.150 --> 03:59.190 and stored by Travis CI. 03:59.190 --> 04:01.350 So we don't have to worry about outside people 04:01.350 --> 04:02.880 getting access to those keys 04:02.880 --> 04:05.163 and kinda making use of them in a bad way. 04:06.390 --> 04:10.200 With each key, we provide a name and a value for that key. 04:10.200 --> 04:11.940 So the first key that we're going to define 04:11.940 --> 04:15.960 as an environment variable is our access key. 04:15.960 --> 04:18.130 So I'm going to copy the access key 04:19.590 --> 04:23.337 then I'll provide a name over here of AWS access key 04:26.490 --> 04:29.280 and I'll paste the value in like so. 04:29.280 --> 04:30.930 And notice how we're going to make sure 04:30.930 --> 04:33.630 that "Display value in build log" is not checked 04:33.630 --> 04:37.710 'cause we do not want to display this value in the log. 04:37.710 --> 04:39.450 I'll then click on Add and as you can see, 04:39.450 --> 04:40.980 it essentially gets tucked away 04:40.980 --> 04:43.263 and I can no longer really get access to it. 04:47.880 --> 04:50.280 All right, now we're gonna do the secret as well. 04:50.280 --> 04:51.690 So I'll copy the secret, 04:51.690 --> 04:53.553 make sure you get the entire secret. 04:54.510 --> 04:57.540 I'll go back over and I'll define a second key. 04:57.540 --> 05:01.060 I'll call this one AWS secret key 05:02.070 --> 05:04.230 and I'll paste in the value for that as well. 05:04.230 --> 05:05.330 And then I'll hit Add. 05:06.630 --> 05:09.090 All right, so we've now got our two access keys, 05:09.090 --> 05:11.250 our both the access key and the secret key 05:11.250 --> 05:13.473 successfully encrypted on Travis CI. 05:14.496 --> 05:17.640 We'll now go back over to our travis.yml file 05:17.640 --> 05:19.147 and inside of here, we're gonna say, 05:19.147 --> 05:22.170 "Hey, I have an access key for you, but you're gonna get it 05:22.170 --> 05:25.140 from the local environment configuration." 05:25.140 --> 05:29.250 So I'll say, "Access key ID is going to come 05:29.250 --> 05:32.073 from the environment variable of $ AWS_ACCESS_KEY, 05:38.460 --> 05:41.763 and for secret access key, 05:45.270 --> 05:46.377 AWS_SECRET_KEY." 05:49.350 --> 05:51.060 And I personally, actually had to wrap this 05:51.060 --> 05:52.320 in double quotes like so. 05:52.320 --> 05:54.390 So you might wanna do that as well. 05:54.390 --> 05:56.460 According to the documentation, I don't think you have to, 05:56.460 --> 05:58.533 but I found that you had to. 05:59.670 --> 06:01.050 Okay, so that's pretty much it. 06:01.050 --> 06:05.580 So now, after Travis CI attempts to build our project 06:05.580 --> 06:06.720 and run our tests, 06:06.720 --> 06:08.670 it will then attempt to deploy our application 06:08.670 --> 06:11.070 over to Elastic Beanstalk. 06:11.070 --> 06:12.330 So as the very last thing, 06:12.330 --> 06:14.580 we're going to commit all the work that we have now done 06:14.580 --> 06:17.820 and we're going push it up to the master branch on GitHub. 06:17.820 --> 06:19.290 Again, we're going to eventually use this 06:19.290 --> 06:21.870 kind of nice feature branch flow. 06:21.870 --> 06:22.703 But for right now, 06:22.703 --> 06:23.940 we just wanna make sure things are working, 06:23.940 --> 06:25.983 so we're gonna push directly to master. 06:27.210 --> 06:29.430 So I'm gonna go back over to my terminal, 06:29.430 --> 06:31.800 I'll do a git status and just double check to make sure... 06:31.800 --> 06:33.333 Yep, I changed that file. 06:34.230 --> 06:37.020 I'll do a git add, a git commit, 06:37.020 --> 06:42.020 and I'll say something like, "Added Travis deploy config," 06:43.050 --> 06:46.293 and then I'll do a git push origin master. 06:50.490 --> 06:54.000 All right, so now again, if I flip back over to Travis CI 06:54.000 --> 06:57.270 and go back to my dashboard for my project, 06:57.270 --> 06:59.430 in just a moment or two, I'll see something up here 06:59.430 --> 07:01.950 right here that says, "Okay, we're running a new build." 07:01.950 --> 07:04.290 And just like before, you might have to refresh the page 07:04.290 --> 07:05.940 to get that to actually pop up. 07:05.940 --> 07:06.910 So I'll do so now 07:07.980 --> 07:10.170 and it looks like it's not quite coming in just yet 07:10.170 --> 07:11.730 but it should, just any moment. 07:11.730 --> 07:13.440 So let's take a quick break right here. 07:13.440 --> 07:14.790 I'll let the build finish up 07:14.790 --> 07:16.943 and then we'll continue in the next section.