29Jul

Create AWS cloud credential

Cloud account is sometimes called as cloud credential. You need to initiate cloud credentials to access some information from your cloud resources. For example, Amazon Web Services (AWS), requires access keys and secret keys, Azure requires app registration, GCP requires service account.

To create AWS cloud credential, we need to setup and collect the following information:

AWS Cloud Credential parameters

Account ID
Access key / Secret key

AWS Cloud Credential's policy

Cloud Expense: Cost & Billing policy, Report Name (Cost & Usage report)
Cloud Safe: Security Auditing policy
Cloud Automation: Resource policy

1. Create AWS Cloud Credential

Creating IAM user

Click link to Sign In: https://aws.amazon.com/

Click to AWS IAM console to create IAM user with name CloudSuite_{application} or any name that you want (eg. CloudSuite_expense)

Select Programmatic access to avoid any unexpected access from Console.

Add tag to user (optional)

Owner: your_account (eg. hadd7)
Purpose: CloudSuite_{Application}_Credential (eg. CloudSuite-Credential)

2. Attach the policy

We provide you the policy of Cloud Credential according to the least privileges to avoid any security issue.

Cloud Apps	Policy
Cloud Safe	SecurityAudit, CloudSafeCustomPolicy
Cloud Expense	CostExpenseCustomPolicyv2 ReadOnlyAccess
Cloud Automation	ReadOnlyAccess or associated permissions depending on the templates that you use

Attach the AWS pre-defined policies which is associated with your application such as Security Audit of Cloud Safe, Read-Only of Cloud Expense, Administrator of Cloud Ops.