AWS Access Key

For using AWS access using AWS Access Key, you must create a new user with necessary policy access and then use the user access credentials (access key ID and secret access key) for cloud provider integration authentication. You need create a policy with specific permissions for the User.

To create a new user for Nirmata Private Edition:

  1. Login to the AWS Management Console and select IAM Services.
  2. Under Identity and Access Management (IAM) > Policies, click Create Policy.

image

  1. Under Policy, choose JSON and copy-paste the permissions as highlighted below -
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "ec2:TerminateInstances",
                "ec2:StartInstances",
                "ec2:StopInstances"
            ],
            "Resource": "arn:aws:ec2:*:094919933512:instance/*",
            "Condition": {
                "StringEquals": {
                    "ec2:ResourceTag/com.nirmata.createdBy": "nirmata"
                }
            }
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "iam:GetRole",
                "iam:GetPolicyVersion",
                "autoscaling:Describe*",
                "ec2:DescribeInstances",
                "ec2:DetachNetworkInterface",
                "ec2:CreateTags",
                "ec2:ModifyNetworkInterfaceAttribute",
                "ec2:DeleteNetworkInterface",
                "ec2:RunInstances",
                "ec2:AssignPrivateIpAddresses",
                "iam:ListInstanceProfiles",
                "tag:TagResources",
                "ec2:CreateNetworkInterface",
                "iam:PassRole",
                "ec2:Describe*",
                "iam:SimulateCustomPolicy",
                "iam:CreateServiceLinkedRole",
                "ec2:DescribeNetworkInterfaces",
                "iam:ListPolicyVersions",
                "iam:ListAttachedRolePolicies",
                "ec2:AttachNetworkInterface",
                "eks:*"
            ],
            "Resource": "*"
        },
        {
            "Sid": "VisualEditor2",
            "Effect": "Allow",
            "Action": [
                "cloudformation:CreateStack",
                "cloudformation:DeleteStack",
                "cloudformation:CreateChangeSet",
                "cloudformation:UpdateStack",
                "cloudformation:ExecuteChangeSet",
                "cloudformation:Describe*",
                "cloudformation:EstimateTemplateCost",
                "cloudformation:Get*",
                "cloudformation:List*",
                "cloudformation:ValidateTemplate",
                "cloudformation:DetectStackDrift",
                "cloudformation:DetectStackResourceDrift"
            ],
            "Resource": "*"
        }
    ]
}

  1. Click Review Policy and save the policy.

You can now create a user required for EC2 instance management in Nirmata that will use this Policy.

To generate a AWS Access Key ID and Secret key:

  1. Login to the AWS Management Console and select IAM Services.
  2. Select Users and click Add a User.

image

  1. Select programmatic access and click Next:Permission.

image

  1. Choose Attach existing policies directly and select the policy you created above.

image

  1. Add AWS Managed Policies such as AmazonEC2FullAccess, IAMFullAccess and AmazonEC2ContainerRegistryReadOnly also.

image

  1. Click Security Credentials tab on the User menu and click Create Access Key

  2. Download the Access Key Id and Secret key .

You can add the Access Key ID secret key in Nirmata.

image


Next Step: Setup an Nirmata Managed Cluster .