Creating a new AWS Cloud IAM user

Note

We do not recommend using this approach to authenticate SecureCloudDB to your AWS resources. To reduce any chance of misconfigurations or human error, we recommend creating a new role instead.

Creating IAM Users (Console)

  1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.

  2. Select Users and then click Add User.

  3. Type the name for the new user. We recommend SecureCloudDB-ReadOnly for easier manageability.

  4. Select the type of access:

    • Programmatic Access: Users require access to the API, AWS CLI, or Tools for Windows PowerShell. This creates an access key for each new user.
    • AWS Management Console Access: Users require access to the AWS Management Console. This creates a password for each new user.

    Note

    For SecureCloudDB authentication purposes we only require Programmatic Access. Information on the permissions SecureCloudDB requires can be found in the Authentication Policies section.

  5. On the next step, assign read-only permissions to the user for each service.

  6. (Optional) Set the permissions boundary. This is an advanced feature.

  7. Move on to the tags step and add any tags you want. Tags let you attach metadata to the user as key-value pairs.

  8. Once you are finished, click Create User.

  9. To view the user's Access Key, select Show next to each value that you want to see.

    Note

    Once you move forward you will not be able to see the secret value again. Make sure that you save the secret access key before closing the window.

  10. In the Asset Discovery Configuration creation wizard, enter the Access Key Id and Secret Access Key gathered in the previous step.
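
Step 5 grants read-only permissions, and the resulting access key is long-lived, so it is worth checking the policy document before attaching it. The following is an added example, not SecureCloudDB or AWS code: it flags Allow statements that grant more than read actions. The sample policy is constructed for illustration, and treating the Get/List/Describe prefixes as "read-only" is an assumption of this example, so anything it flags (including legitimate read actions with other names) needs manual review.

```python
import json

# Assumption: action-name prefixes treated as read-only (a heuristic, not an
# AWS-defined list). IAM action names are case-insensitive, so compare lowercase.
READ_PREFIXES = ("get", "list", "describe")

# Constructed sample policy; not the policy SecureCloudDB requires.
SAMPLE_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "RdsRead", "Effect": "Allow",
     "Action": ["rds:Describe*", "rds:ListTagsForResource"], "Resource": "*"},
    {"Sid": "TooBroad", "Effect": "Allow",
     "Action": ["rds:*", "iam:CreateAccessKey"], "Resource": "*"},
    {"Sid": "Inverted", "Effect": "Allow", "NotAction": "iam:*", "Resource": "*"},
    {"Sid": "Guard", "Effect": "Deny", "Action": "rds:Delete*", "Resource": "*"}
  ]
}"""

def as_list(value):
    """IAM accepts either a single value or a list for Statement and Action."""
    return value if isinstance(value, list) else [value]

def non_read_only_findings(policy_json):
    """Return (sid, problem) pairs for Allow statements that exceed read access."""
    findings = []
    policy = json.loads(policy_json)
    for idx, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only reduce access
        sid = stmt.get("Sid", f"statement[{idx}]")
        if "NotAction" in stmt:
            # Allow + NotAction grants every action except the listed ones
            findings.append((sid, "Allow with NotAction"))
            continue
        for action in as_list(stmt.get("Action", [])):
            # Strip the service prefix; a bare "*" or "svc:*" leaves "*"
            name = action.split(":", 1)[1] if ":" in action else action
            if not name.lower().startswith(READ_PREFIXES):
                findings.append((sid, action))
    return findings

if __name__ == "__main__":
    for sid, problem in non_read_only_findings(SAMPLE_POLICY):
        print(f"{sid}: {problem}")
```
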

Creating IAM Users (AWS CLI)

  1. Create a user.

    aws iam create-user --user-name <DESIRED-USER-NAME> 
    

  2. Give the user programmatic access. This requires access keys.

    aws iam create-access-key --user-name <DESIRED-USER-NAME>
    

  3. In the Asset Discovery Configuration creation wizard, enter the Access Key Id and Secret Access Key from the output of the previous step.