Abiquo Documentation Cookies Policy

Our Documentation website uses cookies to improve your experience. Please visit our Cookie Policy page for more information about cookies and how we use them.


Abiquo 4.7

Skip to end of metadata
Go to start of metadata

Obtain credentials for an AWS account

Abiquo provides this general guide to AWS credentials but AWS functionality may vary between accounts and change at any time. If you have any doubts, please check the AWS documentation.

To configure the AWS integration in Abiquo, you will need credentials to access your AWS account. Abiquo recommends that you use IAM users as recommended by AWS.

AWS credentials are an Access Key ID and Secret Access Key.

Only use ONE set of AWS keys for each enterprise in each datacenter

AWS will allow you to generate two sets of active keys for each IAM user. However, in Abiquo you can only add one set per enterprise. If you try to add another set, for example, using the API, you will get an error message.

Create a new user and obtain credentials

The following procedure describes how to obtain AWS credentials by creating a user in a new group with a new access policy. You can always select an existing group and/or access policy to assign to your user.

To create a new user and obtain AWS credentials:

  1. Open the AWS console
  2. Go to Services (top left menu) →  IAM → Users.
  3. Click Add user. 
    1. Enter the User name
    2. Select Programmatic access
    3. Click Next:Permissions
  4. Under Add user to group, click Create group
    1. Enter the Group name
    2. Select the existing policies OR
    3. Click Create policy
    4. On the Create policy tab, go to the JSON tab and enter your access policy, as provided by your system administrator. 

       Click here to show/hide an example

      This policy is an example only. Please check your policy with your system administrator

      {
          "Version": "2012-10-17",
          "Statement": [
              {
                  "Action": "ec2:*",
                  "Effect": "Allow",
                  "Resource": "*"
              },
              {
                  "Effect": "Allow",
                  "Action": "elasticloadbalancing:*",
                  "Resource": "*"
              },
              {
                  "Effect": "Allow",
                  "Action": "cloudwatch:*",
                  "Resource": "*"
              },
              {
                  "Effect": "Allow",
                  "Action": [
                      "iam:DeleteServerCertificate",
                      "iam:UploadServerCertificate",
                      "iam:ListServerCertificates",
                      "iam:GetServerCertificate"
                  ],
                  "Resource": "*"
              },
              {
                  "Effect": "Allow",
                  "Action": "autoscaling:*",
                  "Resource": "*"
              },
              {
                  "Action": [
                      "pricing:*"
                  ],
                  "Effect": "Allow",
                  "Resource": "*"
              }
          ]
      }
    5. Click Review policy
    6. Enter the Name and Description, check the resource access, and click Create policy
  5. Go back to the Create group tab
    1. Click Refresh
    2. If you can't see the policy, filter by name to display it, and select the policy
    3. Click Create group
  6. On the Add user page, select the group
  7. Click Next:Tags and enter the Key and Value of tags as required
  8. Click Next:Review
  9. Click Create user
  10. Obtain User credentials. Copy the Access key ID and click Show and copy the Secret access key. To download a credentials file, click Download .csv. By default the file will be saved as credentials.csv in your Downloads folder. Close the credentials window.

Allow pricing actions

To enable the platform to obtain pricing details from the AWS Pricing API, add pricing permissions to your main user's group or create a separate user and group with pricing permissions.

The pricing permissions are included in the following policy, which you could assign to your user's group. These permissions are already included in the previous example.

AWSPriceListServiceFullAccess

To create a new user with only pricing permissions, assign this policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "pricing:*"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}

To add pricing permissions to a policy, include the following JSON code in the "Statement" list:

 		{
            "Action": [
                "pricing:*"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }

Don't forget to add a comma before the new policy.

 Click here to expand...

This policy is an example only. Please check your policy with your system administrator

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "ec2:*",
            "Effect": "Allow",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "elasticloadbalancing:*",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "cloudwatch:*",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "autoscaling:*",
            "Resource": "*"
        },
        {
            "Action": [
                "pricing:*"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}

 

Manage credentials

  1. From IAM → Users, click on the User Name

  2. Go to Security Credentials

    • Here you can manage the access keys. It is not necessary for the IAM user to have a password for login or MFA.

This is an example of the format of the credentials.csv file opened in a text editor:

User Name,Access Key Id,Secret Access Key
"MJSB",AKIAJHWYJYNWV2RAAAAA,YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY
  1. The Access Key ID is the characters AKIAJHWYJYNWV2RAAAAA in the above example.
  2. The Secret Access Key for your Access Key ID is the characters YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY in the above example.
  • No labels