Prerequisites to Add AWS Accounts

It is necessary to  Create & Attach a Policy to the User and set up Access Key ID & Secret access key as a prerequisite action to further proceed with adding the AWS Account.

Creating and attaching a policy to the user

This can be done using any of the following methods:

METHOD 1 - Using JSON to create a policy

  • Sign in to the AWS Management Console https://aws.amazon.com/console.

  • Search for IAM service in  the Find Services section  and choose the service. This will redirect you to the Identity and Access Management(IAM) page.

  • Choose Policies from the IAM Dashboard displayed on the left pane. 

  • Then, choose to Create policy  option and click on the JSON tab. 

  • On the JSON Editor, remove the existing text and paste the content of the JSON policy document which you can download using the following link: https://s3.console.aws.amazon.com/s3/buckets/vembuawspermissions/?region=ap-southeast-2&tab=overview.

  • Once you have entered the JSON, click on the Review policy button.

  • On the Review policy page, provide Name  and Description (optional) for the policy that you are creating and click on Create Policy.

  • Once the policy is created, you can select the user to whom the policy needs to be attached. Choose Users  on the IAM Dashboard and select the name of the user from the list to attach the created policy.  

  • On the Summary page of the selected user, click on Add Permissions. 

  • Select Attach Existing Policies Directly option on the Grant Permission Page.

  • Then, select the policy created using the above JSON from the list and click Next: Review.

  • Lastly, on the Permission Summary page, click the Add Permissions button. 

METHOD 2 - Using Visual editor to create a policy

  • Sign in to the AWS Management Console https://aws.amazon.com/console/.

  • Search for IAM service in the Find Services  section and choose the service. This will redirect you to the Identity and Access Management(IAM) page.

  • Choose Policies  from the IAM Dashboard displayed on the left pane.

  • Then, choose Create policy and click on the Visual Editor  tab.

  • On the Visual Editor page, click on Choose a service. Now, add the following services and enable the actions that need to be allowed for each service. For Actions, select the Access level and expand each of the access levels to choose individual actions. To grant access to more than one service, click Add additional permissions.

SERVICES 

ACTIONS

S3

List - ListBucket

Write - CreateBucket,PutObject

STS

Read -GetCallerIdentity

SSM (System Manager)

List - ListDocuments

Read - GetCommandInvocation

Write - CreateDocument,SendCommand

EC2

List - DescribeAvailabilityZones, DescribeKeyPairs, DescribeVolumes,DescribeInstances,DescribeRegions, DescribeVolumeStatus,DescribeInstanceStatus, DescribeSnapshotsDescribeVpcs

Tagging - CreateTags

Write - AttachVolume,DeleteSnapshot,RegisterImage, CreateImage,DeleteVolume,RunInstances,CreateSnapshots, DeregisterImage,CreateVolume,DetachVolume

  • Once you have chosen the services and actions, click on the Review policy  button.

  • On the Review policy page, provide Name  and Description (optional) for the policy that you are creating and click Create Policy.

  • Once the policy is created, you can select the user for whom the policy needs to be attached. Choose Users on the IAM Dashboard and select the name of the user from the list to attach the created policy.  

  • On the Summary page of the selected user, click on Add Permissions

  • Select Attach Existing Policies Directly option on the Grant Permission Page.

  • Then, select the policy created using the above JSON from the list and click Next: Review.

  • Lastly, on the Permission Summary page, click the Add Permissions  button. 

Access Key ID & Secret access key

  • Sign in to the AWS Management Console https://aws.amazon.com/console/.

  • Search for IAM service in the Find Services  section and choose the service. This will redirect you to the Identity and Access Management(IAM) page.

  • Choose Users from the IAM Dashboard displayed on the left pane. 

  • Select the user to whom the policy has been attached, and then choose the Security credentials  tab.

  • In the Access keys section, you can use the existing access key or create a new key:

    • If you have already generated an access key for the user, you will see the Access Keys list. The secret access key for this will be available in the .csv file which you must have downloaded earlier. You can use these access key details and add your AWS account to the BDRSuite Backup for the AWS.

    • To create a new access key, click the Create Access Key option. The new access keys will be generated and displayed one time on the screen. Click the Download .csv file to save the Access key ID and secret access key as a CSV file on your computer. The same can be used to add your AWS account to the BDRSuite Backup for the AWS.

NextPrevious