
IAM Users

Note

Chef Automate 4.10.1 released on 6th September 2023 includes improvements to the deployment and installation experience of Automate HA. Please read the blog to learn more about key improvements. Refer to the pre-requisites page (On-Premises, AWS) and plan your usage with your customer success manager or account manager.

AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. You can use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.

To run the Terraform scripts, you need an IAM user with the following permissions:

  • AdministratorAccess
  • AmazonAPIGatewayAdministrator
  • AmazonS3FullAccess
  • IAMFullAccess

These permissions can be attached directly to the user or granted through an IAM group.

Note

Keep the access key ID and secret access key handy. Refer to the access key page for detailed information on regenerating the access key ID and secret access key.

Once we have an AWS account, we’ll need to create an IAM user to interact with it programmatically and to configure the AWS CLI (command-line interface). Amazon IAM enables you to manage users and user permissions in AWS. You can create one or more IAM users in your AWS account. You might create an IAM user for someone who needs access to your AWS console, or when you have a new application that needs to make API calls to AWS. Creating separate IAM users adds an extra layer of security to your AWS account.

Creating an IAM User

  1. Navigate to your AWS account.
  2. Select IAM from the list of services from the AWS console. The IAM dashboard screen appears.
    AWS IAM Dashboard
  3. Select Users from the Access management menu on the left.
  4. Select Create Users. The Specify user details screen appears.
  5. Enter the user name for the new user and other necessary details.
    AWS IAM User Creation
  6. Check the Access key - Programmatic access option under the Select AWS access type section. The user name is the sign-in name for AWS. To add multiple users, choose Add another user for each additional user and specify their user names. You can add up to 10 users at one time. The AWS CLI uses this account to connect to the AWS API directly rather than through the Management Console.
    AWS IAM User - Programmatic Access
  7. Select Next: Permissions.
  8. Select Attach existing policies directly.
  9. Filter the policies by the keyword IAM. For this user, select IAMFullAccess from the list of available policies.
    The IAMFullAccess policy enables this user to create and manage user permissions in AWS.
    AWS IAM User Policy
  10. Set the user permissions.
  11. Search for AdministratorAccess and select the policy.
  12. Search for AmazonAPIGatewayAdministrator and select the policy.
  13. Search for AmazonS3FullAccess and select the policy.
  14. Select Next: Tags.
  15. Provide a key name and value as a tag for the user being created.
  16. Select Next: Review.
    AWS IAM User Review with permissions
  17. Select Create user.
  18. After the user is created, go to the Security Credentials tab.
    AWS IAM User - Security Credentials
  19. Select Create Access key.
    AWS IAM User - Create Access Key
  20. Select Other from the list.
    AWS IAM User - Access Key Type
  21. Select show to reveal the secret access key.
  22. Download and save the Secret access key.
    AWS IAM User Created with Access Key
  23. Take note of the Access key ID and Secret access key.

Now, let’s configure the AWS CLI to deploy our applications from the command line. Refer to the Creating an IAM User page for creating an IAM user through the CLI and API methods.
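
A preflight check for the permission list above, as an added example that is not part of the Chef documentation: once the AWS CLI is configured, it confirms that a user holds all four managed policies, whether attached directly or inherited through an IAM group. The user name `automate-deployer` and the function names are placeholders chosen for this example.

```bash
#!/usr/bin/env bash
# Added example: verify that an IAM user holds the four managed policies this
# page lists before running the Terraform scripts. Needs the AWS CLI and
# credentials that are allowed to read IAM.

REQUIRED_POLICIES="AdministratorAccess AmazonAPIGatewayAdministrator AmazonS3FullAccess IAMFullAccess"

# Print every managed policy name that applies to the user, one per line.
effective_policies() {
  local user="$1" group
  # Policies attached directly to the user.
  aws iam list-attached-user-policies --user-name "$user" \
    --query 'AttachedPolicies[].PolicyName' --output text | tr '\t' '\n'
  # Policies inherited from each IAM group the user belongs to.
  for group in $(aws iam list-groups-for-user --user-name "$user" \
      --query 'Groups[].GroupName' --output text); do
    aws iam list-attached-group-policies --group-name "$group" \
      --query 'AttachedPolicies[].PolicyName' --output text | tr '\t' '\n'
  done
}

# Print the required policies the user lacks, space-separated (empty = none).
missing_policies() {
  local have policy missing=""
  have="$(effective_policies "$1")"
  for policy in $REQUIRED_POLICIES; do
    # -x matches the whole line, so a longer policy name cannot satisfy a shorter one.
    printf '%s\n' "$have" | grep -qx "$policy" || missing="$missing $policy"
  done
  printf '%s' "${missing# }"
}

# Run the check only when a user name is given, e.g.:
#   ./check-iam-user.sh automate-deployer   (placeholder user name)
if [ -n "${1:-}" ]; then
  missing="$(missing_policies "$1")"
  if [ -n "$missing" ]; then
    echo "User $1 is missing: $missing" >&2
    exit 1
  fi
  echo "User $1 has all required policies."
fi
```

The script exits non-zero and names the missing policies, so it can gate a deployment pipeline before Terraform is invoked.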
