AWS Permissions

Why? After you have registered with Teraproc, Teraproc needs your permission to access certain AWS resources on your behalf (for example, Amazon EC2 and CloudFormation resources) to create cluster(s) for you.

How? You may choose an option below to provide your permission:

  1. Provide AWS Access Key. AWS Access Key is easy to create, but it is less secure.
  2. Provide AWS Identity and Access Management (IAM) Role. IAM Role takes more steps to create, but it is more secure.

 

Create an AWS Access Key

  1. Log in to your AWS management console.
  2. Click your account name on the top menu bar, then select “Security Credentials”.
    security
  3. Click “Continue to Security Credentials”.
  4. Choose “Access Keys”.
  5. Click the button “Create New Access Key”.
  6. Click “Download Key File” to save the key into a CSV file.

The CSV file can be opened with Excel or any text editor. You will need to copy and paste the values of AWSAccessKeyID (in the format of “AKIAIPAOGGZWYD7RCZDQ”) and AWSSecretKey (in the format of “DRsefqolR6WyX0X6ALQ/q40E4BpLztZ7fgrPS794”) into the Teraproc form of creating a cluster.

Create an IAM Role

  1. Log in to your AWS management console, the select “Identity & Access Management”.
  2. Select “Roles”, then click “Create New Role”.
  3. Give your role a unique name. The example here is: teraproc-access. Click “Next Step”.
  4. Select “Role for Cross-Account Access”, then select “Allows IAM users from a 3rd party AWS account to access this account”.

    Fill Account ID and External ID with the following strings.
    Account ID: 122931797421
    External ID: provision-R-cluster

    Then click “Next Step”.
  5. Click “Next Step” on the “Attach Policy” page.
  6. Click “Create Role” on the “Review” page.
  7. In the “Roles”, click the name of the role that you have just created to edit it.
  8. Under the “Permissions” section, select “Inline Policies” and create a new one.
  9. In the “Set Permissions”, select “Custom Policy”.
  10. Specify a policy name and copy the following content to this policy.
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "cloudformation:*"
          ],
          "Resource": [
            "*"
          ]
        },
        {
          "Effect": "Allow",
          "Action": [
            "ec2:*"
          ],
          "Resource": [
            "*"
          ]
        },
        {
          "Effect": "Allow",
          "Action": [
            "sns:*"
          ],
          "Resource": [
            "*"
          ]
        },
        {
          "Effect": "Allow",
          "Action": [
            "iam:PassRole"
          ],
          "Resource": [
            "*"
          ]
        },
        {
          "Effect": "Allow",
          "Action": [
            "autoscaling:*"
          ],
          "Resource": [
            "*"
          ]
        }
      ]
    }

    Then click “Apply Policy”.

  11. Now select and copy your ARN string from the role “Summary”, and paste it to the IAM Role ARN field when creating a cluster.