Create an AWS IAM Role
Steps to create an IAM user and Access Keys on AWS
Overview
AWS Identity and Access Management (IAM) allows you to securely control access to AWS resources. For seamless integration with Scoutflo Deploy, you’ll need to create an IAM user with the appropriate permissions, allowing Scoutflo to manage your AWS resources effectively, such as provisioning EKS clusters, managing networking components, and deploying applications.
This guide will walk you through the process of creating an IAM user, setting up permissions, and generating the necessary credentials to connect your AWS account to Scoutflo Deploy.
Getting Started
Prerequisites
Before you begin, ensure you have:
An active AWS account: Make sure you have access to an AWS account with admin privileges to create users and assign permissions.
Supported AWS region: Confirm that the AWS region you intend to use for your EKS cluster is available and listed on Scoutflo Deploy.
Access to the AWS Management Console: You should have console access to perform the required steps.
Connect your AWS account
To link your AWS account to Scoutflo Deploy, you need to provide an AWS access key id and secret access key with the required IAM permissions.
You can link more than one AWS account as well by saving your key pair as a Secret. Scoutflo Deploy will store the encrypted Secret as a key pair linked with your Scoutflo Atlas account that you can access anytime later, without the need to fetch and type the keys again.
Create your AWS credentials - access key id and secret access key
Step 1: Create an AWS IAM User for Scoutflo
1. Log in to the AWS Management Console
Visit the AWS Management Console and log in using your admin credentials.
2. Access IAM Service
From the AWS Console, search for and select IAM (Identity and Access Management).
3. Create a New IAM User
In the IAM Dashboard, click on Users in the left-hand navigation panel.
Click on the Add Users button.
4. Configure User Details
User name: Enter scoutflo as the username (you can customize this, but using 'scoutflo' makes it easy to identify).
Access type: Select Programmatic access. This will enable the user to interact with AWS services using an access key ID and secret access key.
Note: Programmatic access is necessary to allow Scoutflo to manage resources on your behalf using the AWS SDK or CLI.
Step 2: Set Up IAM Permissions for the Scoutflo User
1. Create a New User Group
To manage permissions effectively, it’s best to create a user group:
Click on Add user to group.
Select Create group.
Group name: Enter Admins-Scoutflo.
2. Attach Policies to the Group
AWS policies define the permissions granted to a user or group. Attach the following managed policies to grant the necessary permissions:
AmazonEKSFullAccess: Provides full access to manage Amazon EKS clusters.
AmazonEC2FullAccess: Grants full access to manage EC2 instances, which are often required when provisioning EKS clusters.
AmazonS3FullAccess: Provides access to manage S3 buckets, which may be needed for storing artifacts or state files.
IAMFullAccess: Enables full control over IAM roles and policies.
AWSCloudFormationFullAccess: Grants access to manage CloudFormation stacks, which Scoutflo may use for infrastructure provisioning.
AmazonVPCFullAccess: Allows full control over VPC resources.
AWSKeyManagementServicePowerUser: Grants permissions to manage encryption keys.
Tip: These permissions provide comprehensive access for EKS and infrastructure management. You can refine permissions further by creating a custom policy if needed.
Step 3: Generate Access Key ID and Secret Access Key
The next step is to create the access key pair that Scoutflo will use to interact with AWS:
1. Access Security Credentials
From the IAM console, select Users on the left-hand panel.
Click on the scoutflo user to access its details.
Navigate to the Security credentials tab.
2. Create Access Keys
Under Access keys, click on Create access key.
Select Command Line Interface (CLI), SDK, & API access to generate a key pair for programmatic access.
3. Download Access Key and Secret Access Key
You’ll be provided with an Access Key ID and Secret Access Key. Make sure to download and store these credentials securely, as you will need them to connect Scoutflo Deploy to your AWS account.
Important: For security reasons, the Secret Access Key will only be displayed once. Store it in a secure location, such as a password manager.
Step 4: Connect Your AWS Account to Scoutflo Deploy
Now that you have your AWS credentials, you can connect your AWS account to Scoutflo:
1. Log in to Scoutflo Deploy
Go to deploy.scoutflo.com and log in to your Scoutflo account.
2. Access Cloud Integration Settings
Navigate to Account Settings → Cloud Integrations.
3. Add AWS Credentials
Click Add New Cloud Account → AWS.
Enter the Access Key ID and Secret Access Key you generated earlier.
Provide a nickname for this AWS account to help you identify it within Scoutflo.
4. Test and Save
Scoutflo will validate the credentials and permissions.
Once validated, click Save. Your AWS account is now connected to Scoutflo Deploy!
Note: You can connect multiple AWS accounts by repeating the above process and saving each key pair as a Secret. Scoutflo will store these keys in an encrypted format, allowing secure access without having to re-enter them.
Frequently Asked Questions (FAQs)
Q1: Can I use an existing IAM user instead of creating a new one for Scoutflo?
Yes, you can use an existing IAM user, but make sure it has the required permissions attached as outlined above. It is recommended to create a dedicated IAM user for Scoutflo to ensure better access control and security.
Q2: Why does Scoutflo need such extensive permissions?
Scoutflo requires full access to manage your EKS clusters, VPC configurations, IAM roles, and other AWS resources on your behalf. This level of access is essential for provisioning, scaling, and deploying your infrastructure and applications.
Q3: How can I manage access to multiple AWS accounts in Scoutflo?
Scoutflo supports the integration of multiple AWS accounts. You can repeat the above process for each AWS account you wish to connect, allowing you to manage infrastructure across different environments (e.g., development, staging, production).
Security Best Practices
Rotate Access Keys Regularly: Regularly rotate the access key ID and secret access key to minimize security risks.
Enable Multi-Factor Authentication (MFA): For enhanced security, enable MFA for your AWS root account and IAM users.
Use Least Privilege Access: Consider creating a custom policy with only the required permissions if you want to restrict access further.
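The key rotation practice above can be checked against the IAM credential report, which lists each user's access keys with their rotation and last-used dates. The Python below is an added example, not part of Scoutflo's documentation or tooling; the sample report rows, the account ID, the ci-bot user and the 90-day window are constructed assumptions.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample in the column layout of the IAM credential report
# (aws iam generate-credential-report / get-credential-report), trimmed to
# the columns this check reads. Account ID, users and dates are made up.
SAMPLE_REPORT = """\
user,arn,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::111122223333:root,false,N/A,N/A,false,N/A,N/A
scoutflo,arn:aws:iam::111122223333:user/scoutflo,true,2024-01-10T09:15:00+00:00,2024-06-01T12:00:00+00:00,true,2024-05-20T08:00:00+00:00,N/A
ci-bot,arn:aws:iam::111122223333:user/ci-bot,true,2024-05-25T10:00:00+00:00,2024-06-02T07:30:00+00:00,false,N/A,N/A
"""

MAX_KEY_AGE_DAYS = 90  # assumed rotation window; set this to your own policy


def parse_ts(value):
    """Return an aware datetime, or None for the report's N/A / no_information."""
    if value in ("N/A", "no_information", ""):
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit_access_keys(report_csv, now, max_age_days=MAX_KEY_AGE_DAYS):
    """Return (user, key_slot, reason) for every active key needing attention."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in ("1", "2"):
            if row[f"access_key_{slot}_active"] != "true":
                continue
            rotated = parse_ts(row[f"access_key_{slot}_last_rotated"])
            used = parse_ts(row[f"access_key_{slot}_last_used_date"])
            if rotated is None:
                findings.append((row["user"], slot, "active key with no rotation date"))
            elif (now - rotated).days > max_age_days:
                findings.append((row["user"], slot, f"key is {(now - rotated).days} days old"))
            elif used is None:
                findings.append((row["user"], slot, "active key never used"))
    return findings


if __name__ == "__main__":
    now = datetime(2024, 6, 3, tzinfo=timezone.utc)  # fixed so the sample is reproducible
    for user, slot, reason in audit_access_keys(SAMPLE_REPORT, now):
        print(f"{user} access_key_{slot}: {reason}")
```

A second active key that has never been used, as on the constructed scoutflo row, usually means a rotation was started but the old key was never deactivated, or a spare key was created and forgotten.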
Next Steps
Congratulations! You have successfully created an AWS IAM user and integrated your AWS account with Scoutflo. You can now proceed to deploy your Kubernetes clusters, manage your infrastructure, and deploy applications using the Scoutflo platform.
If you encounter any issues during this process or need further assistance, please refer to the AWS IAM documentation or contact the Scoutflo support team.