Abiquo Documentation Cookies Policy

Our Documentation website uses cookies to improve your experience. Please visit our Cookie Policy page for more information about cookies and how we use them.


Abiquo 5.0

Skip to end of metadata
Go to start of metadata

Obtain credentials for an AWS account

To configure the AWS integration in Abiquo, you will need credentials to access your AWS account. Abiquo recommends that you use IAM users, as recommended by AWS.

Note that you may require separate credentials for some groups of regions, for example, regions in China.

AWS credentials are an Access Key ID and Secret Access Key.

Only use ONE set of AWS keys for each enterprise in each datacenter

AWS will allow you to generate two sets of active keys for each IAM user. However, in Abiquo you can only add one set per enterprise. If you try to add another set, for example, using the API, you will get an error message.

Abiquo provides this general guide to AWS credentials but AWS functionality may vary between accounts and change at any time. If you have any doubts, please check the AWS documentation.


Create a new user and obtain credentials

To obtain AWS credentials, you will need to assign a group and/or access policy to your user. If you already have a group and/or access policy, you can use them.

To can create a user in a new group with a new access policy, do these steps. 

  1. Open the AWS console
  2. Go to Services (top left menu) →  IAM → Users (left sidebar)
  3. Click Add user
    1. Enter the User name
    2. Select Programmatic access
    3. Click Next: Permissions
  4. Under Add user to group, select a group or click Create group.
    To create a group do these steps:
    1. Enter the Group name
    2. Select existing policies, or click Create policy
    3. In the Create policy section, go to JSON, and enter your access policy, as provided by your system administrator. 

       Click here to show/hide an example

      This policy is an example only. Please check your policy with your system administrator

      {
          "Version": "2012-10-17",
          "Statement": [
              {
                  "Action": "ec2:*",
                  "Effect": "Allow",
                  "Resource": "*"
              },
              {
                  "Effect": "Allow",
                  "Action": "elasticloadbalancing:*",
                  "Resource": "*"
              },
              {
                  "Effect": "Allow",
                  "Action": "cloudwatch:*",
                  "Resource": "*"
              },
              {
                  "Effect": "Allow",
                  "Action": [
                      "iam:DeleteServerCertificate",
                      "iam:UploadServerCertificate",
                      "iam:ListServerCertificates",
                      "iam:GetServerCertificate"
                  ],
                  "Resource": "*"
              },
              {
                  "Effect": "Allow",
                  "Action": "autoscaling:*",
                  "Resource": "*"
              },
              {
                  "Action": [
                      "pricing:*"
                  ],
                  "Effect": "Allow",
                  "Resource": "*"
              }
          ]
      }
    4. Click Review policy
    5. Enter the Name and Description, check the resource access, and click Create policy
  5. Go back to the previous browser tab with the Create group dialog open
    1. Click Refresh
    2. If you can't see the policy, filter by name to display it, and select the policy
    3. Click Create group
  6. On the Add user to group page, select the group
  7. Click Next: Tags and enter the Key and Value of tags as required
  8. Click Next: Review
  9. Click Create user
  10. To obtain user credentials, do these steps.
    1. Copy the Access key ID
    2. Click Show and copy the Secret access key
    • To download a credentials file, click Download .csv. By default the file will be saved as credentials.csv in your Downloads folder. 
    1. Close the Credentials window.

Allow pricing actions

To enable the platform to obtain pricing details from the AWS Pricing API, add pricing permissions to your main user's group or create a separate user and group with pricing permissions.

The pricing permissions are included in the following policy, which you could assign to your user's group. These permissions are already included in the previous example.

AWSPriceListServiceFullAccess

To create a new user with only pricing permissions, assign this policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "pricing:*"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}

To add pricing permissions to a policy, include the following JSON code in the "Statement" list:

 		{
            "Action": [
                "pricing:*"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }

Don't forget to add a comma before the new policy.

 Click here to expand...

This policy is an example only. Please check your policy with your system administrator

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "ec2:*",
            "Effect": "Allow",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "elasticloadbalancing:*",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "cloudwatch:*",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "autoscaling:*",
            "Resource": "*"
        },
        {
            "Action": [
                "pricing:*"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}

 

Manage credentials

To manage credentials, do these steps.

  1. From IAM → Users, click on the User Name

  2. Go to Security Credentials

    • Here you can manage the access keys. It is not necessary for the IAM user to have a password for login or MFA.

This is an example of the format of the credentials.csv file opened in a text editor:

User Name,Access Key Id,Secret Access Key
"MJSB",AKIAJHWYJYNWV2RAAAAA,YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY
  1. The Access Key ID is the string of characters before the comma, which is AKIAJHWYJYNWV2RAAAAA in the above example.
  2. The Secret Access Key for the Access Key ID is the string of characters after the comma, which is YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY in the above example.
  • No labels