Configure AWS access using access keys for IAM users
This method describes the process of configuring AWS access by creating and using access keys for IAM users. It enables AWS access across all installation methods. Don't forget to add AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY to the c8-secret during installation.
Step 1: Create IAM User
Please refer to the official AWS documentation about creating access keys for IAM users
Important As a best practice, use temporary security credentials (such as IAM roles) instead of creating long-term credentials like access keys.
Step 2: Create IAM Role to assume by EC2 instance role.
Step 2.1: Download IAM Policy
Download the IAM policy that grants read permissions to all AWS resources:
Step 2.2: Create IAM Policy
Create the IAM policy:
Step 2.3: Create IAM Role
Create an IAM role that can be assumed by EC2 roles:
$account_id
The AWS account id from which you want to allow run discovery
$iam_user
The AWS IAM user name from which you want to allow run discovery
Create an IAM role with a defined trust relationship and description
Attach the sh-c8-discovery-policy policy to the sh-c8-discovery role
Note If you want to discover more AWS accounts, please repeat the 2nd step for each account.
Important Don't forget to add the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY variables to the c8-secret.
Last updated