Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform, offering over 165 fully featured services from data centers globally.
Follow steps:
- Generating policies
- Logging into the root account and creating a separate IAM user/users
- Giving permissions to new user/users and allowing them to manage instances
If you do not have an AWS account you need to create one. Visit AWS signup, and then choose Create an AWS Account.
Step 1 - Generating Policies
Instead of classifying newly added users in groups, you can manage permissions through policies that are attached to those groups.
(a) Inside the IAM dashboard,you will find a link to “Policies” on the right sidebar. But where you want to go is the "Identity providers" link right under the “Policies”.
(b) Tap on it and a list of available policies will appear including Administrator access, Alexa for business device setup, Alexa for business full access, Alexa for business gateway execution and many others.
(c) However you have to ignore the list, tap on Create policy above the list and you will be taken to a separate page where you are required to fill the Name and the description of the new policy.
(d) Of course you need a policy code which is provided by TryDirect (see below). Remove everything from JSON window and paste the code below into that window.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"ec2:DescribeImages",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:DescribeInstances",
"ec2:ImportKeyPair",
"ec2:CreateKeyPair",
"ec2:CreateSecurityGroup",
"ec2:CreateTags",
"ec2:DescribeAccountAttributes",
"ec2:RunInstances",
"ec2:DescribeKeyPairs",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups"
],
"Resource": "*"
}
]
}Important! In case you want to allow TryDirect to create a domain and attach it to your server instance you will need to add the following rules
{
"Effect": "Allow",
"Action": [
"route53:GetHostedZone",
"route53:ListHostedZonesByName",
"route53:CreateHostedZone",
"route53:DeleteHostedZone",
"route53:ChangeResourceRecordSets",
"route53:CreateHealthCheck",
"route53:GetHealthCheck",
"route53:DeleteHealthCheck",
"route53:UpdateHealthCheck",
"ec2:DescribeVpcs",
"ec2:DescribeRegions",
"servicediscovery: *"
],
"Resource": [
"*"
]
}So as a result, the code will be
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"ec2:DescribeImages",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:DescribeInstances",
"ec2:ImportKeyPair",
"ec2:CreateKeyPair",
"ec2:CreateSecurityGroup",
"ec2:CreateTags",
"ec2:DescribeAccountAttributes",
"ec2:RunInstances",
"ec2:DescribeKeyPairs",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"route53:GetHostedZone",
"route53:ListHostedZonesByName",
"route53:CreateHostedZone",
"route53:DeleteHostedZone",
"route53:ChangeResourceRecordSets",
"route53:CreateHealthCheck",
"route53:GetHealthCheck",
"route53:DeleteHealthCheck",
"route53:UpdateHealthCheck",
"ec2:DescribeVpcs",
"ec2:DescribeRegions",
"servicediscovery:*"
],
"Resource": "*"
}
]
}Step 2 - Creating an IAM User in Your AWS Account
Once you have a new policy, when there is a new member on your team, or when you create a new application that needs to make API calls, you can create new IAM users, and give permissions in your Amazon AWS account.
In order to create a user you need to follow the steps shown below:
(a) Create the user in the AWS Management Console by manually filling in the username
(b) Create a password for the user. You have two options to create passwords
Auto-generated password where each user gets a randomly generated password Custom password where each user is assigned the password that you type in the box.
Do not bother about creating access keys for a user who requires access only through the AWS Management Console.
Step 3 - Give Permissions To Users
You can now give the user permissions to perform the required tasks by:
(a) Checking the box beside programmatic access since the user may require access to the API, AWS and other tools. This will allow the creation of an access key for each new user. After this, go to the bottom of the page and click on next: permissions.
(b) Now, since you already created a policy in step 1, all you need to do is click on the link that says attach existing policies directly at the top right corner of the window.
(c) Once you click this link, a list of existing policies will appear including the one you created in Step 1. You can add more users to one or more groups and also grant permissions by attaching permission policies directly to the user using this method.
(d) Click on next: review and you will find the “Access KEY ID” and the “Secret access key” required for starting deployment on TryDirect install page.
(e) Once you are done with this, you can now hand over the necessary sign-in information to the user. This includes the:
- The password you created for the user
- The URL for the account sign-in page.
And on next page, you will find “Access KEY ID” and “Secret access key” required for Try Direct install page.
More Configurations
On the Set permissions page, specify how you want to assign permissions to this set of new users. If there is any need, you can limit the permissions that a user can have using a permissions boundary. This is an advanced feature.
- The Set permissions boundary section allows you to use a permission boundary to control the maximum allowance of user permissions.
- "Add user to group link" allows you to assign the users to one or more groups that already have permission policies. You can select one or more existing groups, or choose "Create group" to create a new group.
- The "Copy permissions from existing user link" allows you to copy all of the group memberships, attached managed policies, embedded inline policies, and any existing permissions boundaries from an existing user to the new users. Select the one whose permissions most closely match the needs of your new users.
- The "Attach existing policies to user directly" (explained in step 3) allows you to see a list of the AWS managed and customer managed policies in your account. Select the policies that you want to attach to the new users.