How do I send programmatic access to an existing user in AWS?

Overview

When installing the platform, the installation needs the credentials of your AWS account to create the required infrastructure. This guide walks you through the steps for creating a restricted AWS IAM user, which has only the minimal set of permissions that are required for the installation. You'll need to provide the credentials of this user as part of the platform installation, as outlined in the platform's AWS cloud installation guide.

Step 1: AWS Login

Log into your AWS Management Console and select the IAM service.


Step 2: Create a New User

In the side navigation menu, select Access management | Users, and then select Add user.


Step 3: Set the User's Access Permissions and Name

In the Set user details section,

  • In the User name field, enter the name of the new user (for example, "Provazio" — recommended).
  • In the Access type field, check the Programmatic access option to allow the user only programmatic access.


When you're done, select Next: Permissions.

Step 4: Create a Policy

Select Attach existing policies directly, and then select Create policy.


Download the platform IAM policy file that matches your selected application-cluster configuration:

  • provazio.json for a vanilla cluster.
  • provazio-eks.json for an EKS cluster. If you use this policy, edit the file to replace all $AWS_ACCOUNT_ID instances with your AWS Account ID.

Paste the contents of your selected policy file in the JSON tab of the AWS Management Console and select Review policy. Give the policy a name (for example, "ManageIguazioSystems" — recommended), optionally add a description, and select Create policy.
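As an added example (not part of this guide and not the platform's own policy file), the Python script below performs the $AWS_ACCOUNT_ID substitution from Step 4 and then lints the rendered document for statements broader than a restricted installer user should need: a wildcard Action, mutating actions on Resource "*", or a placeholder that was never replaced. The policy text inside it is a constructed stand-in for provazio-eks.json, the account ID is made up, and the read-only verb list is the script's own heuristic.

```python
"""Render a platform IAM policy template and lint it before pasting it into the console.

Added example; the POLICY_TEMPLATE is constructed and is not the real provazio-eks.json.
"""
import json
import re

# Constructed stand-in for provazio-eks.json. Only the $AWS_ACCOUNT_ID
# placeholder convention comes from the guide; the statements are made up.
POLICY_TEMPLATE = """{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PassClusterRole",
      "Effect": "Allow",
      "Action": "iam:PassRole",
      "Resource": "arn:aws:iam::$AWS_ACCOUNT_ID:role/eks-cluster-role"
    },
    {
      "Sid": "ReadClusters",
      "Effect": "Allow",
      "Action": ["eks:DescribeCluster", "eks:ListClusters"],
      "Resource": "*"
    },
    {
      "Sid": "RunInstancesAnywhere",
      "Effect": "Allow",
      "Action": ["ec2:RunInstances", "ec2:DescribeInstances"],
      "Resource": "*"
    },
    {
      "Sid": "TooBroad",
      "Effect": "Allow",
      "Action": "*",
      "Resource": "*"
    }
  ]
}"""

ACCOUNT_ID_RE = re.compile(r"\d{12}")
# Heuristic: verbs with these prefixes only read state, so Resource "*" is
# usually unavoidable for them (many List/Describe APIs are not resource-scoped).
READ_ONLY_VERBS = ("Describe", "List", "Get")


def render_policy(template: str, account_id: str) -> dict:
    """Replace every $AWS_ACCOUNT_ID instance (the Step 4 edit) and parse the JSON."""
    if not ACCOUNT_ID_RE.fullmatch(account_id):
        raise ValueError("an AWS account ID is exactly 12 digits")
    return json.loads(template.replace("$AWS_ACCOUNT_ID", account_id))


def _as_list(value):
    # IAM accepts either a bare string or a list for Action and Resource.
    return value if isinstance(value, list) else [value]


def _is_read_only(action: str) -> bool:
    verb = action.split(":", 1)[-1]
    return verb.startswith(READ_ONLY_VERBS)


def lint_policy(policy: dict) -> list[str]:
    """Return one finding per Allow statement that is broader than a restricted
    installer user should need, or that still carries an unrendered placeholder."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if any("$AWS_ACCOUNT_ID" in r for r in resources):
            findings.append(f"{sid}: unreplaced $AWS_ACCOUNT_ID placeholder in Resource")
        if "*" in actions:
            findings.append(f"{sid}: Action '*' allows every API call")
        elif "*" in resources and not all(_is_read_only(a) for a in actions):
            findings.append(f"{sid}: mutating actions on Resource '*'")
    return findings


if __name__ == "__main__":
    rendered = render_policy(POLICY_TEMPLATE, "123456789012")  # constructed account ID
    for line in lint_policy(rendered) or ["no findings"]:
        print(line)
```

Run it against the real downloaded file by reading it into POLICY_TEMPLATE; a clean result is a reasonable bar before the policy is attached to the installer user, while any finding is a prompt to narrow the statement or to confirm the platform genuinely needs that scope.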


Step 5: Create the User

Filter the policies for the name of the policy that you created and select the policy.

Select Next: Tags and optionally assign user tags.

Select Next: Review and review the user definition. When you're ready, select Create user.

Step 6: Save the User Credential

Download and save the credentials of the new user (Access key ID and Secret access key).


Additional Resources

  • Creating IAM Users (AWS documentation)

See Also

  • Creating an AWS IAM Role and Instance Profile
  • Deploying an Amazon EKS Application Cluster
  • AWS cloud installation guide

Tomasz Łakomy: [0:00] Start by logging into your AWS account with your root user. Next up, go to Services and search for IAM, which stands for Identity and Access Management. Click on that in order to get to the service. Next, in the Identity and Access Management dashboard click on Users in order to start creating an admin user.

[0:16] Next up, click on Add user, and we're going to start creating our admin user. First up, user name, I'm going to call it admin-user. Next, we have to specify the AWS Access type. Is it going to be a programmatic access? What that means is that this user will be able to use the command line interface in order to access the AWS API, CLI, SDK, and other development tools.

[0:37] I'm going to select that. I'm also going to select AWS Management Console Access. What that means is that this user will be able to log in to the AWS Console the same way that we are logged in right now.

[0:46] Next, we have to specify the password for this user, whether it's going to be an auto-generated password, or a custom one. We also have to specify whether we are going to require a password reset the next time this user logs in to AWS.

[0:58] I'm going to create a custom password. We can click over here in order to see the password. For the record, I will be deleting this user as soon as I finish recording this lesson. Next up, click on permissions. Right now, we can see that on this account, I don't have any groups. In order to create an admin user, we have to create a group for admin users and afterwards add this user to it.

[1:14] I'm going to click on Create group, specify a group name. I'm going to call it AdminUsers. In order for those admin users to have administrator access, we have to attach a proper policy to this group. There are multiple policies that were already created by AWS for us.

[1:28] First up, over here, we can see the Policy name, which is AdministratorAccess. If I expand that, we are going to be able to see the Policy summary. We have this Statement, which is specified as a JSON, and it's basically saying that admin users are allowed to take any action on any resource. This is exactly what we want right now. I'm going to go over here and attach this policy to this group.

[1:50] Also, there are multiple other policies. For instance, if I search for API, I can see a policy for AmazonAPIGatewayAdministrator, which has slightly different policies. This policy allows taking any action on apigateway on any apigateway resource.

[2:07] Nevertheless, we are only interested in AdministratorAccess right now, because we would like those users to be able to do anything that is necessary in this AWS account.

[2:16] Next up, I'm going to click on Create Group. Now our group has been created and this user has been added to it.

[2:20] Next up, click on Tags. Tags are completely optional. They are key-value pairs that you can add to your users. For instance, you can specify their email address, also a job title, or something like that. You can use them in order to organize, track, or control access of the user. We are not that organized, and I'm just going to skip it and click on Review.

[2:38] In the Review section, we are going to see that we are about to create an admin-user, which is going to have Programmatic access and AWS Management Console access, which is exactly what we want. They are also going to be added to the group AdminUsers that we just created. Click on Create User in order to create this user.

[2:52] This part is important. We just specified that this user should have programmatic access to AWS resources. By programmatic access, what we mean is that this user is going to have an Access key ID and Secret access key.

[3:03] This is highly important to remember, because this is the only time we are going to be able to see the secret access key. Do not share this key with anyone. I am showing this for the purpose of teaching you how to do that, and I will be deleting this user as soon as I finish recording this lesson.

[3:17] You can also click over here in order to download a CSV file containing both access key ID and secret access key. Now we're prepared to configure our programmatic access in AWS CLI. Let us jump to our terminal.

[3:27] In order to do that, you have to have AWS Command Line Interface tools installed. You can verify that by running aws --version. I have those installed. If you don't, there is a link in the description of this video showing how to do that, because there are different steps to be taken on Linux, macOS, and Windows.

[3:43] Next, I run aws configure in order to configure our programmatic access to AWS. It's going to ask us for the AWS access key ID. Luckily, we do have that over here, so let me just copy, paste that. Next up, secret access key. Again, this is the only time that we are able to access the secret access key, so let me copy and paste that over here.

[4:01] Default region name, I'm based in Europe, so I'm going to set eu-central-1. A small tip, if you don't remember the name of the region, you can always go over here and click on this drop-down in order to see the names of different AWS regions. Lastly, the default output format. I'm going to leave it as default.

[4:16] Right now, our AWS CLI has been configured. We can verify that. Let me clear this terminal. For instance, you can run aws s3 ls, which is going to list every single S3 bucket I have in this account. You can also cat the AWS credentials file in order to see your credentials, which again, you are not supposed to share with anyone.

[4:36] That is why I'm going to go over here to IAM dashboard once more, click on users, select this user, and click on delete the user, so that nobody is going to be able to use those keys in order to do something weird with my AWS account. Click on Yes, delete, because I would like to delete this user, and this user doesn't exist anymore.
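The transcript above pastes the downloaded keys into aws configure by hand and later reads them back with cat. As an added example (not part of the transcript and not AWS tooling), the Python below takes the CSV the console offers for download, writes the key pair under a named CLI profile with owner-only file permissions, and keeps the secret out of stdout. The CSV column names, the ~/.aws/credentials and ~/.aws/config section layout, and the AKIA/20-character shape of long-term key IDs are assumptions stated in the code; the sample keys are constructed and not valid credentials.

```python
"""Turn the downloaded access-key CSV into a named AWS CLI profile, stored 0600.

Added example; SAMPLE_CSV is constructed and its key values are not real.
"""
import configparser
import csv
import io
import os
import stat

# Constructed sample in the shape of the console's credentials CSV
# (assumed header names; the key values are made up).
SAMPLE_CSV = (
    "User name,Password,Access key ID,Secret access key,Console login link\n"
    "admin-user,,AKIAEXAMPLEKEYID0000,examplesecretaccesskeyexamplesecretaccess,"
    "https://123456789012.signin.aws.amazon.com/console\n"
)


def parse_credentials_csv(text: str) -> dict:
    """Extract the key pair from the CSV and refuse anything that looks wrong."""
    rows = list(csv.DictReader(io.StringIO(text)))
    if len(rows) != 1:
        raise ValueError(f"expected exactly one user row, found {len(rows)}")
    row = rows[0]
    key_id = row["Access key ID"].strip()
    # Assumption: long-term IAM key IDs start with AKIA and are 20 characters.
    if not key_id.startswith("AKIA") or len(key_id) != 20:
        raise ValueError("Access key ID does not look like a long-term IAM key")
    return {
        "user": row["User name"].strip(),
        "access_key_id": key_id,
        "secret_access_key": row["Secret access key"].strip(),
    }


def render_profile(creds: dict, profile: str, region: str) -> tuple[str, str]:
    """Return (credentials text, config text) for a named profile, mirroring
    the two files `aws configure --profile NAME` writes (layout assumed)."""
    credentials = configparser.ConfigParser()
    credentials[profile] = {
        "aws_access_key_id": creds["access_key_id"],
        "aws_secret_access_key": creds["secret_access_key"],
    }
    config = configparser.ConfigParser()
    # ~/.aws/config names non-default profiles "[profile NAME]"; the
    # credentials file uses the bare "[NAME]".
    section = "default" if profile == "default" else f"profile {profile}"
    config[section] = {"region": region, "output": "json"}
    cred_buf, conf_buf = io.StringIO(), io.StringIO()
    credentials.write(cred_buf)
    config.write(conf_buf)
    return cred_buf.getvalue(), conf_buf.getvalue()


def write_private(path: str, text: str) -> int:
    """Write text readable by the owner only (mode 0600) and return the mode."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(path, 0o600)  # tighten a pre-existing file with a looser mode
    return stat.S_IMODE(os.stat(path).st_mode)


if __name__ == "__main__":
    import tempfile

    creds = parse_credentials_csv(SAMPLE_CSV)
    cred_text, conf_text = render_profile(creds, "provazio", "eu-central-1")
    # Demo writes into a temp dir; point this at ~/.aws/credentials for real use.
    with tempfile.TemporaryDirectory() as tmp:
        mode = write_private(os.path.join(tmp, "credentials"), cred_text)
        print(f"wrote profile for {creds['user']} with mode {oct(mode)}")
    print(conf_text)  # the config half carries no secret, so printing it is safe
```

The named profile keeps the installer's keys separate from any other credentials on the machine, and the 0600 mode limits who can cat the file; deleting the user or the key pair once the installation is finished, as the transcript does, remains the final step.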

How do I enable programmatic access for an existing user in AWS?

Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/. Choose Users in the navigation pane, choose the name of the user whose permissions you want to modify, and then choose the Permissions tab. Choose Add permissions, and then choose Copy permissions from existing user.

How do I provide programmatic access to AWS resources?

Guidelines for protecting your AWS account while using programmatic access:

  • Protect your root account.
  • Decide how to grant access to your AWS account.
  • Decide when to use access keys.
  • Grant least privileges to service accounts.
  • Use temporary credentials from AWS STS.
  • Utilize Access Advisor.

What is required for programmatic access into AWS services?

A programmatic-access user in IAM is required if you want to control or access your AWS services from the command line via the AWS CLI tools. A programmatic-access user is given an AWS Access Key ID and AWS Secret Access Key, which your AWS CLI tools use to authenticate to AWS and execute your commands.

How do you control programmatic access?

It is recommended that you use declarative access control to implement access control rules in your business network definition. However, you can implement programmatic access control in your transaction processors by retrieving and testing either the current participant or the current identity.