forked from cloudfoundry/docs-bosh
-
Notifications
You must be signed in to change notification settings - Fork 0
/
aws-iam-users.html.md.erb
65 lines (43 loc) · 2.18 KB
/
aws-iam-users.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
---
title: Creating IAM Users
---
## <a id="create"></a> Creating new IAM user
1. Log into the AWS console: [https://console.aws.amazon.com/console/home](https://console.aws.amazon.com/console/home).
<%= image_tag("images/deploy-microbosh-to-aws/account-dashboard.png") %>
1. Click your account name and select **Security Credentials**.
<%= image_tag("images/deploy-microbosh-to-aws/security-credentials-menu.png") %>
1. If the AWS IAM confirmation box is presented, click **Get Started with IAM Users** to go to IAM Users management page. Alternatively go directly to [users list](https://console.aws.amazon.com/iam/home#users).
<%= image_tag("images/deploy-microbosh-to-aws/iam-modal.png") %>
1. Click **Create New Users** button.
<%= image_tag("images/deploy-microbosh-to-aws/list-iam-users.png") %>
1. Enter a descriptive name for a new user, make sure that access keys will be generated for each user and click **Create** button.
<%= image_tag("images/deploy-microbosh-to-aws/create-iam-users.png") %>
1. Record **Access Key ID** and **Secret Access Key** for later use. Click **Close** link to get back to the list of users.
<%= image_tag("images/deploy-microbosh-to-aws/get-iam-creds.png") %>
1. Click on a new user from the list of users.
1. Click on **Inline Policies** panel and choose to create a new inline policy.
<%= image_tag("images/deploy-microbosh-to-aws/attach-iam-policy.png") %>
1. Choose **Custom Policy**.
1. Add a policy configuration for the chosen user and click **Apply Policy**.
<%= image_tag("images/deploy-microbosh-to-aws/add-iam-inline-policy.png") %>
For example your aws-cpi's inline policy allows full EC2 and ELB access:
```yaml
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1448388791000",
"Effect": "Allow",
"Action": [ "ec2:*" ],
"Resource": [ "*" ]
},
{
"Sid": "Stmt1448389431000",
"Effect": "Allow",
"Action": [ "elasticloadbalancing:*" ],
"Resource": [ "*" ]
}
]
}
```
<p class="note">Note: It's highly encouraged to set very restrictive policy to limit unncessary access.</p>