Coordimap

Creating an AWS Read-Only IAM User for Coordimap

To securely connect the Coordimap agent to your AWS account (as outlined in the AWS Configuration guide), it's essential to use an IAM (Identity and Access Management) user with the minimum required permissions. This guide walks you through creating a dedicated AWS read-only user.

Using a read-only user ensures that the Coordimap agent can only discover your AWS resources (like EC2 instances, VPCs, Load Balancers) for diagramming purposes and cannot make any changes to your environment. This is a critical security best practice.

Step 1: Navigate to IAM in AWS Console

  1. Log in to your AWS Management Console.
  2. In the top search bar, type IAM and select the IAM service (Identity and Access Management).

[Screenshot: IAM search in the AWS Console]

Step 2: Add a New IAM User

  1. In the IAM dashboard, click on Users in the left-hand sidebar menu.
  2. Click the Create user button (or "Add users" depending on your console view).

Step 3: Specify User Details and Access Type

  1. User name: Enter a descriptive name for the user (e.g., coordimap-readonly-agent).
  2. AWS credential type: Select Access key - Programmatic access. This is crucial because the Coordimap agent needs API keys (Access Key ID and Secret Access Key) to interact with AWS services programmatically.
  3. Console access (optional, but recommended to disable): service accounts like this one should generally not have console access. Ensure Password - AWS Management Console access is deselected.
  4. Click Next: Permissions.

[Screenshot: Set user details]

Step 4: Attach Read-Only Permissions

  1. Select the option Attach existing policies directly.
  2. In the filter policies search box, type ReadOnlyAccess.
  3. Find the AWS managed policy named ReadOnlyAccess and check the box next to it. This policy grants permissions to view resources across most AWS services without allowing any modifications.
  4. Click Next: Tags.

[Screenshot: Set the ReadOnlyAccess permission policy]

Step 5: Add Tags (Optional)

You can add tags (key-value pairs) to help organize and identify your IAM users. This step is optional. Click Next: Review.

Step 6: Review and Create User

  1. Carefully review the user details and the attached ReadOnlyAccess policy.
  2. Ensure Programmatic access is enabled and Console access is disabled (recommended).
  3. Click Create user.

[Screenshot: Review IAM user]

Step 7: Download and Secure Credentials

  1. Crucial Step: On the success screen, you will see the Access key ID and the Secret access key. The Secret access key is shown only once.
  2. Click the Download .csv button to save a file containing both keys.
  3. Store these credentials securely! Treat the Secret Access Key like a password. You cannot retrieve it again from the AWS console after leaving this screen. If lost, you'll need to create a new access key.

Secure Your Credentials

The Access Key ID and Secret Access Key grant access to your AWS account. Store the downloaded .csv file securely and restrict access to it. Consider using a secrets management system.
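To confirm that the user you just created matches the posture described in Steps 3 to 6 (programmatic access only, ReadOnlyAccess attached, nothing else), here is an added audit script written for this guide; it is not part of Coordimap or the AWS console. It assumes boto3 is installed and that the credentials it runs under have IAM read permissions; the user name coordimap-readonly-agent is the example name from Step 3.

```python
"""Audit an IAM user against this guide: programmatic access only,
the ReadOnlyAccess managed policy attached, no console password, one key."""
import sys

# AWS managed policy selected in Step 4.
READONLY_ARN = "arn:aws:iam::aws:policy/ReadOnlyAccess"


def audit_user(attached_policy_arns, inline_policy_names, has_login_profile, active_key_count):
    """Return a list of findings; an empty list means the user matches the guide."""
    findings = []
    if READONLY_ARN not in attached_policy_arns:
        findings.append("ReadOnlyAccess is not attached")
    extra = sorted(set(attached_policy_arns) - {READONLY_ARN})
    if extra:
        findings.append("unexpected managed policies attached: " + ", ".join(extra))
    if inline_policy_names:
        findings.append("inline policies present: " + ", ".join(sorted(inline_policy_names)))
    if has_login_profile:
        findings.append("console password login is enabled (Step 3 says to leave it off)")
    if active_key_count == 0:
        findings.append("no active access key, so the agent cannot authenticate")
    elif active_key_count > 1:
        findings.append("more than one active access key; keep a single key per agent")
    return findings


def fetch_and_audit(user_name):
    """Collect the live state of one IAM user with boto3 and run audit_user over it."""
    import boto3  # imported here so audit_user() can be used without AWS credentials
    from botocore.exceptions import ClientError
    iam = boto3.client("iam")
    attached = iam.list_attached_user_policies(UserName=user_name)["AttachedPolicies"]
    arns = [p["PolicyArn"] for p in attached]
    inline = iam.list_user_policies(UserName=user_name)["PolicyNames"]
    try:
        iam.get_login_profile(UserName=user_name)  # raises NoSuchEntity when no console password exists
        has_login = True
    except ClientError as err:
        if err.response["Error"]["Code"] != "NoSuchEntity":
            raise
        has_login = False
    keys = iam.list_access_keys(UserName=user_name)["AccessKeyMetadata"]
    active = sum(1 for k in keys if k["Status"] == "Active")
    return audit_user(arns, inline, has_login, active)


if __name__ == "__main__":
    name = sys.argv[1] if len(sys.argv) > 1 else "coordimap-readonly-agent"
    problems = fetch_and_audit(name)
    for line in problems:
        print("FAIL:", line)
    print("OK: user matches the guide" if not problems else f"{len(problems)} finding(s)")
    sys.exit(1 if problems else 0)
```

Run it as `python audit_iam_user.py coordimap-readonly-agent`; a non-zero exit code means at least one step of the guide was not followed.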

[Screenshot: IAM download credentials CSV]
