Instructions on how to configure an IAM user with required permissions for use with CloudEndure.
CloudEndure requires programmatic access to Amazon Web Services (AWS) to manage resources required for replication. This access enables CloudEndure to configure the staging area as well as the ability to launch test and production instance.
This document will detail the steps to create an AWS user, grant permissions via a policy, and provide credentials to CloudEndure.
For additional details on creating AWS user and managing IAM policies, please see AWS documentation at: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html
The CloudEndure FAQ regarding required IAM policies is available here:
Creating a User in AWS
Create a user that will be granted permissions to perform programmatic actions on behalf of CloudEndure.
- Log onto the AWS Console
- Click on SERVICES on the top left
- Click on IAM under Security, Identity & Compliance
- In the Identify and Access Management (IAM) dashboard click on USERS
- Click the blue ADD USER button in the user view
- Enter a User name of your choice
- Check off PROGRAMMATIC ACCESS under Access Type
- Click the blue Next: Permissions button at the bottom of the screen
- Select ATTACH EXISTING POLICIES DIRECTLY box
- Click on CREATE POLICY and a new browser tab or window will open
- In the Create Policy screen, click the blue SELECT button next to CREATE YOUR OWN POLICY
The default IAM policy for CloudEndure is available at: https://console.cloudendure.com/IAMPolicy.json
- Enter a POLICY NAME and optional DESCRIPTION
- Copy and paste the CloudEndure from the URL above into the POLICY DOCUMENT section
- VALIDATE POLICY and then click on the blue CREATE POLICY button
- Close the CREATE POLICY tab or window and return to the SET PERMISSIONS FOR USER screen
On the SET PERMISSIONS FOR USER screen
- Click the REFRESH button to load the newly created policy
- Filter the policy list by the name of the newly created policy
- Click the checkmark next to the newly created policy
- Click the blue NEXT:REVIEW button at the bottom of the screen
- Click the blue CREATE USER button at the bottom of the screen
You will be presented with an ACCESS KEY ID and SECRET ACCESS KEY. Ensure that you copy both as you will need to enter these keys in the CloudEndure console. Note that the SECRET ACCESS KEY will not be available past this screen, ensure that you copy it to notepad or similar.
Granting CloudEndure Access
The final step is to enter the AWS Access key ID and Secret access key in the CloudEndure console.
- Log on to the CloudEndure console at http://console.cloudendure.com using the previously created credentials
- Create a new project or select the appropriate project from the pulldown in the upper left
- Click on Setup & Info, then the AWS CREDENTIALS tab
- Enter the AWS Access key ID and Secret access key
- Click on the SAVE button at bottom of the screen
You are now ready to start installing the CloudEndure agent.