Pre-Requisites
Install Requirements
Note: This applies to self-hosted deployments only. For Sath-hosted connectors, these requirements are already in place.
- You need to install Helm version 3 or above.
- You need a Kubernetes cluster (version 1.26 or above) to install the connector.
Connection Requirements
The following are needed to connect to AWS:
- An active AWS EC2 instance, used for reconciliation and provisioning
- A service account (IAM user) with the required permissions
- A customer-managed or inline policy to manage each AWS account
- An access key and secret access key generated for that service account
Info: You need to log in to your AWS instance as an administrator in order to set up the service account.
Create Service Account
To create an IAM user in the AWS account, perform the following steps:
- Go to IAM > Users > Add User.
- On the Add User page:
  - In the Set user details section, enter the user name (the sign-in name for AWS).
  - In the Select AWS access type section, under Access type, select the Programmatic access checkbox.
  - To enter the user's password manually, select Custom password.
  - Select the Require password reset checkbox and then click Next: Permissions.
- On the Set permissions step, click Next: Tags without making any changes.
- On the Add tags (optional) page, click Next: Review, check all the details used for creating the user, and then click Create user. A success message appears after the user is created.
- Click Close.
Create Inline Policy
Info: Inline policy documentation for the AWS connector is coming soon.
Generate AWS access key and Secret Access Key
- Go to IAM > Users and click the service account for which the keys will be generated.
- In the Access keys section, select Create access key.
- Select the Application running outside AWS option and click Next.
- Add a Description tag value (optional) and click Create access key.
This generates both keys. Copy the values and store them for adding to the configuration file; the secret access key is shown only at creation time and cannot be retrieved afterwards.
Permissions
The following permissions must be granted to the service account for each connector action.

| Action | Permission Needed |
|---|---|
| Create User Account | CreateUser, GetUser |
| Update Account | UpdateUser, TagUser |
| Delete Account | GetUser, DeleteUser, GetLoginProfile, DeleteLoginProfile, ListAccessKeys, DeleteAccessKey, ListSigningCertificates, DeleteSigningCertificate, ListSSHPublicKeys, DeleteSSHPublicKey, ListServiceSpecificCredentials, DeleteServiceSpecificCredential, ListMFADevices, DeactivateMFADevice, ListVirtualMFADevices, DeleteVirtualMFADevice, ListUserPolicies, DeleteUserPolicy, ListAttachedUserPolicies, GetPolicy, DetachUserPolicy, ListGroupsForUser, GetGroup, ListAttachedGroupPolicies, RemoveUserFromGroup, GetSSHPublicKey |
| Add Entitlement to Account | AttachUserPolicy, AddUserToGroup |
| Remove Entitlement from Account | DetachUserPolicy, RemoveUserFromGroup |
| Fetch Account (with Tags) | GetAccountAuthorizationDetails, GetUser |
| Fetch Entitlement (with Tags) | ListPolicies, GetPolicy, ListGroups, GetGroup |
| Fetch Entitlement of Accounts | ListGroupsForUser, GetGroup, ListAttachedGroupPolicies, ListAttachedUserPolicies, GetPolicy |
| Disable/Enable Account | Same as Update Account |
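The following Python script is an added example and is not part of the Sath connector or its documentation. It turns the permission table above into an IAM policy document, builds a narrower read-only variant for deployments that only reconcile, checks an existing policy document for missing permissions, and (optionally, with boto3 installed and credentials configured) performs the Create Service Account, inline policy and access key steps above through the IAM API instead of the console. The statement id `SathAwsConnector`, the operation keys, and the user and policy names are assumptions chosen for the example; the `Resource` defaults to `"*"` and should be tightened to specific ARNs where your account layout allows.

```python
"""Build, check and optionally apply the IAM permissions for the connector service account."""
import json

# Permission table from the page, keyed by connector operation (actions without the "iam:" prefix).
REQUIRED_ACTIONS = {
    "create_user_account": ["CreateUser", "GetUser"],
    "update_account": ["UpdateUser", "TagUser"],
    "delete_account": [
        "GetUser", "DeleteUser", "GetLoginProfile", "DeleteLoginProfile",
        "ListAccessKeys", "DeleteAccessKey", "ListSigningCertificates",
        "DeleteSigningCertificate", "ListSSHPublicKeys", "DeleteSSHPublicKey",
        "ListServiceSpecificCredentials", "DeleteServiceSpecificCredential",
        "ListMFADevices", "DeactivateMFADevice", "ListVirtualMFADevices",
        "DeleteVirtualMFADevice", "ListUserPolicies", "DeleteUserPolicy",
        "ListAttachedUserPolicies", "GetPolicy", "DetachUserPolicy",
        "ListGroupsForUser", "GetGroup", "ListAttachedGroupPolicies",
        "RemoveUserFromGroup", "GetSSHPublicKey",
    ],
    "add_entitlement": ["AttachUserPolicy", "AddUserToGroup"],
    "remove_entitlement": ["DetachUserPolicy", "RemoveUserFromGroup"],
    "fetch_account": ["GetAccountAuthorizationDetails", "GetUser"],
    "fetch_entitlement": ["ListPolicies", "GetPolicy", "ListGroups", "GetGroup"],
    "fetch_entitlement_of_accounts": [
        "ListGroupsForUser", "GetGroup", "ListAttachedGroupPolicies",
        "ListAttachedUserPolicies", "GetPolicy",
    ],
}
# The table states Disable/Enable Account needs the same permissions as Update Account.
REQUIRED_ACTIONS["disable_enable_account"] = REQUIRED_ACTIONS["update_account"]

# Operations a reconcile-only deployment needs (no provisioning actions).
READ_ONLY_OPERATIONS = ("fetch_account", "fetch_entitlement", "fetch_entitlement_of_accounts")


def actions_for(operations):
    """Deduplicated, sorted list of fully qualified IAM actions for the chosen operations."""
    names = set()
    for op in operations:
        names.update(REQUIRED_ACTIONS[op])
    return sorted("iam:" + n for n in names)


def build_policy(operations=tuple(REQUIRED_ACTIONS), resource="*"):
    """Return an IAM policy document granting only what the given operations need."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "SathAwsConnector",  # assumed statement id, not from the page
            "Effect": "Allow",
            "Action": actions_for(operations),
            "Resource": resource,
        }],
    }


def allowed_actions(policy):
    """Collect every Allow action in a policy document (Action may be a string or a list)."""
    allowed = set()
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        allowed.update([actions] if isinstance(actions, str) else actions)
    return allowed


def missing_actions(policy, operations=tuple(REQUIRED_ACTIONS)):
    """Required actions the policy does not allow. Only exact names and the full
    wildcards "*" / "iam:*" are recognised; partial wildcards such as iam:List* are
    reported as missing so the result errs on the side of flagging a gap."""
    allowed = allowed_actions(policy)
    if "*" in allowed or "iam:*" in allowed:
        return []
    return [a for a in actions_for(operations) if a not in allowed]


def provision_service_account(user_name, policy_name, policy):
    """Create the IAM user, attach the policy inline and create its access key via boto3.
    Imported lazily so the rest of the module works without boto3 or AWS credentials.
    Returns the AccessKey dict; the SecretAccessKey in it is only ever returned here."""
    import boto3  # assumed available only when this function is actually used
    iam = boto3.client("iam")
    iam.create_user(UserName=user_name)
    iam.put_user_policy(UserName=user_name, PolicyName=policy_name,
                        PolicyDocument=json.dumps(policy))
    return iam.create_access_key(UserName=user_name)["AccessKey"]


if __name__ == "__main__":
    # Print the full-provisioning policy document for review before applying it.
    print(json.dumps(build_policy(), indent=2))
```

Run the script on its own to print the policy document for review, or call `missing_actions(json.load(open("existing-policy.json")))` against a policy exported from the console to see which table entries an existing service account still lacks. The provisioning function is kept separate so the policy can be generated and reviewed without any AWS credentials present.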