This document explains how to integrate Amazon Web Services (AWS) with Cloud IAM to provision, manage, and monitor access to the Cloud Service Provider (CSP).
Requirements
- An AWS account.
- A management account or account with IAM permissions.
Create a policy in the AWS console
- In the AWS Console, go to the IAM page.
- In the side menu, click Access management > Policies.
- Click Create policy.
- In the Policy editor, click the JSON option.
- Copy the following JSON and paste it into the policy editor:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "opsworks:DescribeStacks",
        "iam:DeleteAccessKey",
        "opsworks:DescribePermissions",
        "iam:CreateUser",
        "iam:CreateAccessKey",
        "iam:CreateLoginProfile",
        "opsworks:UpdateUserProfile",
        "iam:RemoveUserFromGroup",
        "iam:AddUserToGroup",
        "iam:ListAttachedUserPolicies",
        "iam:DetachUserPolicy",
        "opsworks:CreateUserProfile",
        "iam:DeleteLoginProfile",
        "iam:ListAccessKeys",
        "iam:GetPolicyVersion",
        "iam:ListPolicies",
        "iam:GetPolicy",
        "iam:AttachUserPolicy",
        "iam:DeleteUserPolicy",
        "opsworks:DescribeUserProfiles",
        "iam:UpdateAccessKey",
        "iam:ListRoles",
        "iam:DeleteUser",
        "iam:ListUserPolicies",
        "opsworks:DeleteUserProfile",
        "iam:ListGroupsForUser",
        "opsworks:DescribeInstances",
        "iam:ListUsers",
        "iam:ListGroups",
        "iam:GetUser",
        "iam:GetLoginProfile",
        "iam:GetAccountAuthorizationDetails"
      ],
      "Resource": "*"
    }
  ]
}
- Click Next.
- Enter a name for the policy.
- (Optional): Configure optional settings, such as description and tags.
- Click Create policy.
For more details, see the Create IAM policies (console) AWS documentation.
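The policy above mixes read-only calls with calls that create users, keys, and policy attachments, all on `"Resource": "*"`. The following Python sketch is an added example, not part of the Segura or AWS documentation: it splits the policy's actions into read-only and mutating sets and lists the IAM write calls as CloudTrail event names to alert on for the integration user. The `List`/`Get`/`Describe` prefix rule and the function names are assumptions of this example.

```python
import json

# The action list from the policy on this page, condensed onto fewer lines.
ACTIONS = """
opsworks:DescribeStacks iam:DeleteAccessKey opsworks:DescribePermissions
iam:CreateUser iam:CreateAccessKey iam:CreateLoginProfile
opsworks:UpdateUserProfile iam:RemoveUserFromGroup iam:AddUserToGroup
iam:ListAttachedUserPolicies iam:DetachUserPolicy opsworks:CreateUserProfile
iam:DeleteLoginProfile iam:ListAccessKeys iam:GetPolicyVersion iam:ListPolicies
iam:GetPolicy iam:AttachUserPolicy iam:DeleteUserPolicy
opsworks:DescribeUserProfiles iam:UpdateAccessKey iam:ListRoles iam:DeleteUser
iam:ListUserPolicies opsworks:DeleteUserProfile iam:ListGroupsForUser
opsworks:DescribeInstances iam:ListUsers iam:ListGroups iam:GetUser
iam:GetLoginProfile iam:GetAccountAuthorizationDetails
""".split()
POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "VisualEditor0", "Effect": "Allow",
    "Action": ACTIONS, "Resource": "*"}]}

READ_PREFIXES = ("List", "Get", "Describe")  # assumption: naming heuristic

def as_list(value):
    """IAM policies allow a bare string or object where a list is expected."""
    return value if isinstance(value, list) else [value]

def audit(policy):
    """Split allowed actions into read-only and mutating; flag Resource '*'."""
    report = {"read": [], "write": [], "wildcard_resource": False}
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" in as_list(stmt.get("Resource", [])):
            report["wildcard_resource"] = True
        for action in as_list(stmt.get("Action", [])):
            name = action.partition(":")[2]
            kind = "read" if name.startswith(READ_PREFIXES) else "write"
            report[kind].append(action)
    report["read"].sort()
    report["write"].sort()
    return report

def cloudtrail_watchlist(report):
    """IAM write calls as CloudTrail eventName values (eventSource iam.amazonaws.com)."""
    return sorted(a.split(":")[1] for a in report["write"] if a.startswith("iam:"))

if __name__ == "__main__":
    print(json.dumps(cloudtrail_watchlist(audit(POLICY)), indent=2))
```

Any event on the resulting watchlist that does not trace back to an action taken in Cloud IAM is worth investigating, since the same access key can create users and attach policies account-wide.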
Create a user with the custom policy in the AWS console
- In the AWS console, go to the IAM page.
- In the side menu, click Access management > Users.
- Click Create user.
- Enter a username and click Next.
- In the Permission options field, select Attach policies directly.
- In the Permissions policies table, select the policy you created in Create a policy in the AWS console.
- Click Create user.
For more details, see the Create an IAM user in your AWS account AWS documentation.
Create an access key for the user in the AWS console
- In the AWS console, go to the IAM page.
- In the side menu, click Access management > Users.
- Click the user you created in Create a user with the custom policy in the AWS console.
- Go to the Security credentials tab.
- In the Access keys section, click Create access key and tick the checkbox: "I understand the above recommendation and want to proceed to create an access key."
- (Optional): Enter a description tag.
- Click Create access key.
- Copy the access key value and the secret access key and save them. You can also click the Download .csv file button to download the credentials. You’ll need these values when you integrate your account with Segura.
For more details, see the Manage access keys for IAM users AWS documentation.
Integrate AWS with Cloud IAM
To integrate an AWS account with Cloud IAM, follow these steps:
- On Segura, in the navigation bar, hover over the Products menu and select Cloud IAM.
- In the side menu, select Management > Accounts.
- In the top right corner, click Add.
- In the Settings tab, enter the following information:
- In the Name field, enter a name for the account.
- (Optional): In the Optional field, enter a description for the account.
- (Optional): In the Tags field, enter tags to help identify the account.
- Click Continue.
- In the AWS tab, enter the following information about the AWS provider:
- In the Access Key field, enter the access key obtained in step 9 of the section Create an access key for the user in the AWS console.
- In the Secret Access Key field, enter the secret access key obtained in step 9 of the section Create an access key for the user in the AWS console.
- In the Default Region * field, select your AWS account region.
- Click Continue until you get to the Review tab.
- In the Review tab, verify all the information entered in the previous tabs, and click Save.
The newly added account will appear in the Accounts report.