| sidebar | permalink | summary |
|---|---|---|
sidebar |
create-auth-credentials-on-aws.html |
Learn how to locate your AWS auth credentials, or create new AWS credentials, so that you can use NKS. |
To create an Amazon Web Services (AWS) cluster through NetApp Kubernetes Service (NKS), you will either need to create a new set of AWS credentials, or find your existing credential.
To use this feature, you will need an NKS account. If you don’t have one already, you can sign up for a free 30-day trial with no credit card required at https://nks.netapp.io.
After you add your AWS credentials to your NKS account, click here to learn how to create a Kubernetes cluster on AWS
To create an Amazon Web Services (AWS) cluster through NetApp Kubernetes Service (NKS), you will need to:
-
Create an AWS user.
-
Create a policy which grants full access to:
-
Autoscaling
-
CloudWatch
-
EC2
-
Elastic Load Balancing
-
IAM
-
Route 53
-
-
Attach this policy to the user.
To create a user, sign into the AWS Management Console then click Services.
In the Security, Identity & Compliance column, click IAM.
Click Users.
Click Add User.
Enter the User Name then choose the Access type.
If this user will only be used to access the API, SDK, and other development tools, click Programmatic access. If this user is for someone who will need to log in to the AWS Management Console, choose AWS Management Console access.
Then click Next: Permissions to continue.
Choose whether to add the user to a group, copy permissions from an existing user, or attach existing policies directly.
Note: Amazon recommends using groups as a "best practice" way to manage user permissions.
If you need to create a new policy, see the next section for our recommended policy details.
If you choose to add the user to a group, you can either create a new group or select an existing group.
Then click Next: Review to continue.
Confirm the new user’s information, then click Create user to create the user.
Click Download .csv and save the user’s security credentials to your computer.
Then click Close to return to the Users page.
When creating a new AWS policy, you will need to allow your user full access to the following services:
-
Autoscaling
-
CloudWatch
-
EC2
-
Elastic Load Balancing
-
IAM
-
Route 53
For an easy way to create a single policy to grant all the necessary access, click Policies. You can also access this page from the user account creation process by selecting Attach existing policies directly > Create policy.
Click Create Policy.
Click to select Create Your Own Policy.
Fill out the Policy Name field with a name you will be able to identify, like StackPointCloudPolicy.
Note that you can only use alphanumeric characters plus a few other characters like - and +. You cannot use spaces in the policy name.
Copy the following and paste it into the Policy Document field:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "ec2:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "elasticloadbalancing:*",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "cloudwatch:*",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "autoscaling:*",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"route53:*"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"elasticloadbalancing:DescribeLoadBalancers"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": "iam:*",
"Resource": "*"
}
]
}Click Create Policy to create the policy and return to the Policy page.
Click Users to return to the Users page.
Click your user account to go to the user management page.
Click the Permissions tab, then click Attach Policy.
Type the name of your policy into the Filter field to locate your policy. Tick the box to select the policy, then click Attach Policy to attach it to your user.
The user account is now ready to be used to create a cluster from the NKS website. The user’s Access Key ID and Secret Access Key are in the credentials.csv file which you downloaded when you created the user.
To create an Amazon Web Services (AWS) cluster through NetApp Kubernetes Service (NKS) you will need your Access Key ID and Secret Access Key. You can find these in the credentials.csv file which you downloaded when you created the user.
You can only view or download the Access Key ID and Secret Access Key when you create the user or the user’s access key. However, you can create new access keys at any time.
If you no longer have the credentials.csv file which you downloaded when you created the AWS user, you can create a new access key at any time.
Sign in to the AWS Management Console. In the Find Services section, search for IAM. Click the search result for IAM: Manage User Access and Encryption Keys.
Click Users.
Click the user whose credentials you need to access.
Click the Security credentials tab.
If the user has an active access key, delete it. Click Create access key to create a new access key.
At the prompt, download the credentials.csv file. You can also copy and paste the Access Key ID and Secret Access Key from this pop-up window. Be sure to save credentials.csv in a safe place.
Did this article answer your question? If not, contact us.