AWS Access Key Creation

Team Live Optics

 

To start a Live Optics AWS collection, you need to enter an Access Key ID and a Secret Access Key as credentials. Live Optics recommends that you create a temporary IAM User account that is used solely for the Live Optics collection. This document explains what an Access Key is, its two components (the Access Key ID and the Secret Access Key), and how to create them with the correct privileges to run a Live Optics collection.

 

Creating an AWS Temporary IAM User

Step 1: Access your AWS Management Console, then under Security, Identity, & Compliance click on IAM.

 


 

Step 2: From the IAM dashboard, click on User.

 


Step 3: Then click on Add User.

 


Step 4: First, choose a User name (1), then choose the Programmatic access option (2), then click on Next Permissions (3).

 


Step 5: Choose Attach existing policies directly (1), then click on Create policy (2).

 


Step 6: A new tab will open with the Create policy view. Choose the JSON option (1), copy and paste the content of the JSON below, then click on Review Policy (2). The AWS_Policy file is attached at the bottom of the article.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "autoscaling:DescribeAutoScalingGroups",
            "Resource": "*",
            "Condition": {
                "IpAddress": {
                    "aws:SourceIp": "0.0.0.0/0"
                }
            }
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "cloudwatch:GetMetricData",
                "cloudwatch:ListMetrics"
            ],
            "Resource": "*",
            "Condition": {
                "IpAddress": {
                    "aws:SourceIp": "0.0.0.0/0"
                }
            }
        },
        {
            "Sid": "VisualEditor2",
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeInstances",
                "ec2:DescribeAvailabilityZones",
                "ec2:DescribeRegions",
                "ec2:DescribeVolumes",
                "ec2:DescribeInstanceTypes",
                "ec2:DescribeSnapshots"
            ],
            "Resource": "*",
            "Condition": {
                "IpAddress": {
                    "aws:SourceIp": "0.0.0.0/0"
                }
            }
        },
        {
            "Sid": "VisualEditor3",
            "Effect": "Allow",
            "Action": "elasticfilesystem:DescribeFileSystems",
            "Resource": "*",
            "Condition": {
                "IpAddress": {
                    "aws:SourceIp": "0.0.0.0/0"
                }
            }
        },
        {
            "Sid": "VisualEditor4",
            "Effect": "Allow",
            "Action": [
                "elasticloadbalancing:DescribeLoadBalancerAttributes",
                "elasticloadbalancing:DescribeLoadBalancers",
                "elasticloadbalancing:DescribeTargetHealth",
                "elasticloadbalancing:DescribeTargetGroups"
            ],
            "Resource": "*",
            "Condition": {
                "IpAddress": {
                    "aws:SourceIp": "0.0.0.0/0"
                }
            }
        },
        {
            "Sid": "VisualEditor5",
            "Effect": "Allow",
            "Action": [
                "elasticloadbalancing:DescribeLoadBalancerAttributes",
                "elasticloadbalancing:DescribeLoadBalancers",
                "elasticloadbalancing:DescribeInstanceHealth"
            ],
            "Resource": "*",
            "Condition": {
                "IpAddress": {
                    "aws:SourceIp": "0.0.0.0/0"
                }
            }
        },
        {
            "Sid": "VisualEditor6",
            "Effect": "Allow",
            "Action": "glacier:ListVaults",
            "Resource": "*",
            "Condition": {
                "IpAddress": {
                    "aws:SourceIp": "0.0.0.0/0"
                }
            }
        },
        {
            "Sid": "VisualEditor7",
            "Effect": "Allow",
            "Action": [
                "rds:DescribeDBInstances",
                "rds:DescribeDBClusters"
            ],
            "Resource": "*",
            "Condition": {
                "IpAddress": {
                    "aws:SourceIp": "0.0.0.0/0"
                }
            }
        },
        {
            "Sid": "VisualEditor8",
            "Effect": "Allow",
            "Action": [
                "s3:GetEncryptionConfiguration",
                "s3:GetLifecycleConfiguration",
                "s3:GetBucketWebsite",
                "s3:ListAllMyBuckets",
                "s3:GetBucketVersioning",
                "s3:GetBucketLocation"
            ],
            "Resource": "*",
            "Condition": {
                "IpAddress": {
                    "aws:SourceIp": "0.0.0.0/0"
                }
            }
        }
    ]
}


Step 7: Type a Policy name in the Name field (1), then click on Create policy (2). You will then get a screen stating that your policy has been created.

 


Step 8: Navigate back to , refresh the page to reflect the newly created policy, type the name of the policy in the search box, select the policy you just created (1), then click on Next Tags (2).

 


Step 9: Add a Key name (1), then click on Next Review (2)

 


Step 10: After reviewing, click on Create User.

 


Step 11: Please note that this will be the only time that you will be able to see your Access Key ID and Secret access key. You must either Download .csv (1) or Save your credentials (2).

 


Step 12: Once you get the Access key ID and Secret access key, you will be able to use them as credentials to start a Live Optics AWS collection.

 

You should be all set and ready to begin your Live Optics collection.
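
An added example, not part of the original article or of Live Optics tooling: a small Python check to run on the Step 6 policy before attaching it. It confirms that every allowed action is a read-only Describe/Get/List call, reports actions granted twice, and flags an aws:SourceIp condition of 0.0.0.0/0, which matches every IPv4 address and so does not limit where the access key can be used from. The names audit_policy and EXCERPT are assumptions of this example; EXCERPT holds statements VisualEditor4 and VisualEditor5 copied from the policy above.

```python
import ipaddress

READ_ONLY_PREFIXES = ("Describe", "Get", "List")

def _as_list(value):
    """IAM accepts one item or a list of items in these fields."""
    return [value] if isinstance(value, (str, dict)) else list(value)

def audit_policy(policy):
    """Return findings for an identity-based IAM policy document (a dict)."""
    findings, first_seen = [], {}
    for stmt in _as_list(policy["Statement"]):
        sid = stmt.get("Sid", "<no Sid>")
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            findings.append(f"{sid}: NotAction allows everything except the listed actions")
        for action in _as_list(stmt.get("Action", [])):
            # The operation name is the part after "service:"; wildcards such as "ec2:*" fail the check.
            if not action.split(":", 1)[-1].startswith(READ_ONLY_PREFIXES):
                findings.append(f"{sid}: {action} is not a Describe/Get/List action")
            if action in first_seen:
                findings.append(f"{sid}: {action} is already granted by {first_seen[action]}")
            first_seen.setdefault(action, sid)
        # Assumption: only the operator and key spelling used on the page are inspected.
        source_ips = stmt.get("Condition", {}).get("IpAddress", {}).get("aws:SourceIp", [])
        for cidr in _as_list(source_ips):
            net = ipaddress.ip_network(cidr, strict=False)
            if net.prefixlen == 0:
                findings.append(f"{sid}: aws:SourceIp {cidr} matches every IPv{net.version} address")
    return findings

# Sample input: statements VisualEditor4 and VisualEditor5 copied from the Step 6 policy.
ANY_IP = {"IpAddress": {"aws:SourceIp": "0.0.0.0/0"}}
EXCERPT = {"Version": "2012-10-17", "Statement": [
    {"Sid": "VisualEditor4", "Effect": "Allow", "Resource": "*", "Condition": ANY_IP,
     "Action": ["elasticloadbalancing:DescribeLoadBalancerAttributes",
                "elasticloadbalancing:DescribeLoadBalancers",
                "elasticloadbalancing:DescribeTargetHealth",
                "elasticloadbalancing:DescribeTargetGroups"]},
    {"Sid": "VisualEditor5", "Effect": "Allow", "Resource": "*", "Condition": ANY_IP,
     "Action": ["elasticloadbalancing:DescribeLoadBalancerAttributes",
                "elasticloadbalancing:DescribeLoadBalancers",
                "elasticloadbalancing:DescribeInstanceHealth"]},
]}

if __name__ == "__main__":
    for finding in audit_policy(EXCERPT):
        print(finding)
```

To check the full attached AWS_Policy file, load it with json.load and pass the resulting dict to audit_policy. Replacing 0.0.0.0/0 with the address range the collection requests actually originate from is what turns the condition into a restriction.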

 

Definitions

Access key

The combination of an access key ID (like AKIAIOSFODNN7EXAMPLE) and a secret access key (like wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY). You use access keys to sign API requests that you make to AWS.

Access key ID

A unique identifier that's associated with a secret access key; the access key ID and secret access key are used together to sign programmatic AWS requests cryptographically.

Secret access key

A key that is used in conjunction with the access key ID to cryptographically sign programmatic AWS requests. Signing a request identifies the sender and prevents the request from being altered. You can generate secret access keys for your AWS account, individual IAM users, and temporary sessions.

Policy

IAM: A document defining permissions that apply to a user, group, or role; the permissions in turn determine what users can do in AWS. A policy typically allows access to specific actions, and can optionally grant that the actions are allowed for specific resources, like EC2 instances, Amazon S3 buckets, and so on. Policies can also explicitly deny access.

Permission

A statement within a policy that allows or denies access to a particular resource. You can state any permission like this: "A has permission to do B to C." For example, Jane (A) has permission to read messages (B) from John's Amazon SQS queue (C). Whenever Jane sends a request to Amazon SQS to use John's queue, the service checks to see if she has permission. It further checks to see if the request satisfies the conditions John set forth in the

 

AWS_Policy JSON
