f33d by Prelude

How To: Set up AWS for Operator

Setting up the bare minimum AWS settings for deploying Redirectors

Alex Manners
Nov 8, 2021

One of the most common questions we’ve received is “How do I set up Operator so that I can use the redirectors?” We kinda glossed over some AWS configuration steps, so this blog is intended to get users bootstrapped on using the Cloud plugin in Operator.

We will go over 4 major steps that will take us from zero to provisioning:

  1. IAM User creation

  2. IAM Policy creation

  3. EC2 key pair configuration

  4. Configure the Cloud plugin in Operator

Let's jump into it!

Step 1: IAM User Creation

Browse to the IAM Management Console. From there, select the Users tab:

Users page in IAM sidebar

Click on Add users:

Add users button

From the add user screen, create a new username and select Access Key - Programmatic access as the credential type:

Adding a prelude-demo IAM user

Click all the way through adding a user. Skip adding permissions for now; we are going to build and attach a policy to the user. Download the credential CSV to access the Access key ID and Secret access key needed for the Operator credential configuration:

User has been created and the credential CSV is available for downloading

Step 2: IAM Policy Creation

From the IAM Management Console, select the Policies tab:

Policies page in IAM sidebar

Click on Create Policy:

Create policy button

Click on the JSON tab and paste in this policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:AuthorizeSecurityGroupIngress",
                "ec2:DescribeAddresses",
                "ec2:DescribeImages",
                "ec2:DescribeInstances",
                "ec2:DescribeInstanceTypes",
                "ec2:DescribeSecurityGroups",
                "ec2:CreateSecurityGroup",
                "ec2:CreateTags",
                "ec2:RunInstances",
                "ec2:TerminateInstances"
            ],
            "Resource": "*"
        }
    ]
}

After pasting in the JSON blob, your policy should look like this:

Policy added to the JSON template area

Security Note: The above policy does not lock down the resources that the user is able to access. This policy is designed to show you the necessary Actions only. You should develop thorough resource restrictions based upon your preferred region, account ID, and more.
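One way to act on the Security Note above, as an added example that is not Prelude's code: this Python script rewrites the page's policy so every action is pinned to one region and the mutating actions are limited to one account's EC2 resources, then reports which actions are still allowed on "*" with no condition. The function names are hypothetical, the account ID 111122223333 is a placeholder, us-east-1 is the region used in Step 3, and it assumes Operator only touches EC2 resources in that region and account.

```python
import json

# The policy from this page: every action allowed on Resource "*".
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": [
            "ec2:AuthorizeSecurityGroupIngress", "ec2:DescribeAddresses",
            "ec2:DescribeImages", "ec2:DescribeInstances", "ec2:DescribeInstanceTypes",
            "ec2:DescribeSecurityGroups", "ec2:CreateSecurityGroup", "ec2:CreateTags",
            "ec2:RunInstances", "ec2:TerminateInstances",
        ],
        "Resource": "*",
    }],
}

def as_list(value):
    return value if isinstance(value, list) else [value]

def scope_policy(policy, region, account_id):
    """Return a policy with the same actions, limited to one region and account."""
    in_region = {"StringEquals": {"aws:RequestedRegion": region}}
    actions = [a for s in policy["Statement"] if s["Effect"] == "Allow"
               for a in as_list(s["Action"])]
    # EC2 Describe* calls do not support resource-level permissions, so they
    # keep Resource "*" and are limited by the region condition alone.
    reads = sorted(a for a in actions if a.startswith("ec2:Describe"))
    writes = sorted(a for a in actions if not a.startswith("ec2:Describe"))
    # AMI and snapshot ARNs carry no account ID, so they are listed separately.
    resources = [f"arn:aws:ec2:{region}:{account_id}:*",
                 f"arn:aws:ec2:{region}::image/*", f"arn:aws:ec2:{region}::snapshot/*"]
    return {"Version": policy["Version"], "Statement": [
        {"Sid": "ReadInRegion", "Effect": "Allow", "Action": reads,
         "Resource": "*", "Condition": in_region},
        {"Sid": "ProvisionInRegion", "Effect": "Allow", "Action": writes,
         "Resource": resources, "Condition": in_region},
    ]}

def unrestricted_actions(policy):
    """Actions allowed on Resource "*" with no Condition at all."""
    return sorted(a for s in policy["Statement"]
                  if s["Effect"] == "Allow" and "*" in as_list(s["Resource"])
                  and not s.get("Condition") for a in as_list(s["Action"]))

if __name__ == "__main__":
    # Assumptions: 111122223333 is a placeholder account ID; us-east-1 is the page's region.
    scoped = scope_policy(PAGE_POLICY, "us-east-1", "111122223333")
    print(json.dumps(scoped, indent=2))
    print("unrestricted:", unrestricted_actions(PAGE_POLICY), "->", unrestricted_actions(scoped))
```

The write statement still covers every EC2 resource in that account and region, including instances Operator did not launch. Narrowing it further, for example with tag conditions, depends on how Operator tags what it creates, which this post does not describe.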

Click next until you reach the Review policy page. Save the policy by adding a name (PreludeProvisioningPolicy). Click on Create Policy to create the policy:

Name the policy and add a description

Next, search for the PreludeProvisioningPolicy, select it and select Actions → Attach:

Find the policy you’ve created and select Attach

On the next page, search for the IAM User (prelude-demo) that you created in Step 1 and click Attach:

Attach the IAM Policy to the IAM User created in Step 1

Step 3: EC2 Key Pair Configuration

Browse to the EC2 Console and click on the Key Pairs tab in the left column:

Click on Key Pairs in the left hand column

Next click on Create key pair. Make sure you are in the correct region (us-east-1):

Create key pair button in us-east-1 region

On the next page, create your key pair by providing a name (demo-keypair) then clicking on Create key pair:

Create a demo-keypair.pem key for EC2

Your key pair will automatically download:

Private key automatically downloads

Finally, I like to move my pem files to my home directory in the .ssh folder:

Move private key to your .ssh folder

Step 4: Configure the Cloud plugin in Operator

Finally, we are ready! Open the IAM credential CSV file from Step 1 and paste the Access key ID and Secret access key in the AWS access key and AWS secret key inputs respectively. In the private key path, put in the path to your demo-keypair.pem file:

Cloud credential configuration modal completed

That’s it! You can now provision all of the Cloud resources to your heart’s content! We will publish updates to this blog as updates are made to Operator. If you are looking for more information about redirectors and VMs, check out these other blog posts:

  • Cloudy with a chance of redirectors

  • Go on the offensive

  • Can you hear me now?
