Prerequisites for key-based credential
In order to use key-based authentication you must have an IAM user which has the required permissions as well as an access and secret key.
If you are using key-based authentication for Cloudbreak on AWS, you must:
- Have an existing user or create a new user in IAM. The minimum permissions required for that user are described in CredentialRole.
- Be able to provide an AWS access key and secret key associated with this user. Cloudbreak will use these keys to launch resources on your AWS account. You must provide the access and secret keys later in the Cloudbreak web UI later when creating a credential.
You can create a user or generate new access and secret keys for an existing user from the IAM Console > Users.
Modifying an existing IAM user
If you already have an IAM user:
- Make sure that the user has minimum permissions by creating the policy described in CredentialRole and assigning it to the user in the Permissions tab.
- If you need to generate a new access key and secret key, you can do this from the Security credentials tab:
Creating a new IAM user
If you need to create a new IAM user, follow these steps:
- In your browser, log in to your AWS account and navigate to the IAM console.
- In the IAM console, navigate to the Users view, and click on Add user. This will open the Add user wizard.
- Under User name, provide some name for your user, and under Access Type, select Programmatic access. Once done, click on the Next button to navigate to the next page.
- Under Set permissions, select Attach existing policies directly and then click on Create policy. This will open the Create policy wizard in a new browser tab, allowing you to define a new policy.
- In the Create policy wizard, navigate to the JSON view, and then copy and paste the CredentialRole policy.
- On the Review policy page, provide some name for this policy. And click on the Create policy button to finalize the policy creation.
- Now that the IAM policy has been created, navigate back to the previous tab where you started creating your IAM user…. And click on the refresh button to refresh the list of policies.
- Next, search for the policy that you just created, select it, click on the Next button, and on the last page of the wizard, click on Create user.
- This will create a new user and generate the access key and secret key for that user. You will need to provide this access key and secret key to Cloudbreak, so make sure to save them for example by using the Download button. Furthermore, this is the only time that you can access the secret key. If you don’t save it at this point, you will need to generate a brand new key pair.