One of the most common questions we’ve received is “How do I set up Operator so that I can use the redirectors?” We kinda glossed over some AWS configuration steps, so this blog is intended to get users bootstrapped on using the Cloud plugin in Operator.
We will go over 4 major steps that will take us from zero to provisioning:
IAM User creation
IAM Policy creation
EC2 key pair configuration
Configure the Cloud plugin in Operator
Let jump into it!
Step 1: IAM User Creation
Browse to the IAM Management Console. From there, select the Users tab:
Click on Add users:
From the add user screen, create a new username and select Access Key - Programmatic access as the credential type:
Click all the way through adding a user. Skip adding permissions for now, we are going to build and attach a policy to the user. Download the credential CSV to to access the Access key ID and Secret access key needed for the Operator credential configuration:
Step 2: IAM Policy Creation
From the IAM Management Console, select the Policies tab:
Click on Create Policy:
Click on the JSON tab an paste in this policy:
| { | |
| "Version": "2012-10-17", | |
| "Statement": [ | |
| { | |
| "Effect": "Allow", | |
| "Action": [ | |
| "ec2:AuthorizeSecurityGroupIngress", | |
| "ec2:DescribeAddresses", | |
| "ec2:DescribeImages", | |
| "ec2:DescribeInstances", | |
| "ec2:DescribeInstanceTypes", | |
| "ec2:DescribeSecurityGroups", | |
| "ec2:CreateSecurityGroup", | |
| "ec2:CreateTags", | |
| "ec2:RunInstances", | |
| "ec2:TerminateInstances" | |
| ], | |
| "Resource": "*" | |
| } | |
| ] | |
| } |
After pasting in the JSON blob, you policy should look like this:
Security Note: The above policy does not lock down the resources that the user is able to access. This policy is designed to show you the necessary Actions only. You should develop thorough resource restrictions based upon your preferred region, account ID, and more.
Click next until you reach the Review policy page. Save the policy by adding a name (PreludeProvisioningPolicy). Click on Create Policy to create the policy:
Next, search for the PreludeProvisioningPolicy, select it and select Actions → Attach:
On the next page, search for the IAM User (prelude-demo) that you created in Step 1 and click Attach:
Step 3: EC2 Key Pair Configuration
Browse to the EC2 Console and click on the Key Pairs tab in the left column:
Next click on Create key pair. Make sure you are in the correct region (us-east-1):
On the next page, create your key pair by providing a name (demo-keypair) then clicking on Create key pair:
Your key pair will automatically download:
Finally, I like to move my pem files to my home directory in the .ssh folder:
Step 4: Configure the Cloud plugin in Operator
Finally, we are ready! Open the IAM credential CSV file from Step 1 and paste the Access key ID and Secret access key in the AWS access key and AWS secret key inputs respectively. In the private key path, put in the path to your demo-keypair.pem file:
That’s it! You can now provision all of the Cloud resources to your hearts content! We will publish updates to this blog as updates are made to Operator. If you looking for more information about redirectors and VMs, check out these other blog posts: