The Startup Stack

The Startup Stack

The Startup Stack

Fork me on GitHub

Once you have your account opened, entered your credit card and went through the process of being verified on Amazon, you will need to get your access keys.

The AWS access keys are API keys that allow you to access all the services on Amazon.

No Root Access by default

The recommendation is not to have a root access key, meaning you should not create an access key for the admin user (you), alternatively, you need to create an AIM user and use those access keys.

This is a best practive in order to manage access to resources better.

Choose a name/names for your users

Get the keys

You can either copy pase or download a CSV and use it to store in a vault or something like that.

Secure your keys

Once the keys are created you cannot view them, download them or change them, you can only create new keys, make sure you save those keys in a secure place.

Key Pair

Once you have your API credentials, you will also need your key pairs in order to SSH into the machines for the first time.

Go here and create your keys.

this is assuming you are using us-west-2 as the region

I usually create multiple key pairs for environments and not a single one.

For example, right off the bat I usually start with

test is usually assigned to the CI servers or other machines that are running test tasts. The rest are also pretty self explanatory

Now, create your key, say you create production first. Once you create it you will be able to download it.

I usually put my keys in the ~/.pem directory.

So, you downloaded production.pem.txt to ~/Downloads and now, lets move it to the right place.

  $ cd ~/Downloads
  $ mkdir ~/.pem
  $ mv production.pem.txt ~/.pem/production.pem
  $ chmod 600 ~/.pem/production.pem

The chmod part here is very important, if you don't do it, you will get a warning like WARNING: UNPROTECTED PRIVATE KEY FILE!.

User Policy

In order for this user to be able to do anything on Amazon you will need to attach a policy.

When you navigate to the user, you will see a User ARN field

Copy this value and make sure you have it, since we'll need it for the next stage

Now, scroll down to attach inline policies

Go through the custom policy.

Select policy name FullAccess and give this Document

    "Statement": [
            "Effect": "Allow",
            "Action": "*",
            "Resource": "YOUR_USER_ID"

YOUR_USER_ID being the id you copied in the previous stage.

Hit Validate Policy to make sure everytihng works and apply it.

Edit This Page | Page History