AWS Configuration ReadOnly User
AWS ReadOnly User
This page describes how to add a ReadOnly AWS user. Giving the coordimap agent the credentials of this user ensures that the agent cannot make unintended changes to your cloud environment.
The AWS IAM (Identity and Access Management) service allows you to manage access to AWS services and resources securely by attaching different policies to users.
Go to the AWS Console and type IAM in the search box.
In the sidebar of the IAM dashboard, select the Users menu and then click the Add User button.
When creating the new user, enter a user name and enable the Programmatic Access checkbox. This is needed to access the AWS infrastructure programmatically from the coordimap agent. We recommend deselecting the AWS Management Console access checkbox; when enabled, that option allows the user to log in to the AWS Console. Click the Next: Permissions button.
Select the Attach existing policies directly button, then type ReadOnlyAccess to filter the policies.
Scroll down to the policy “ReadOnlyAccess” and enable the checkbox beside it. Click the Next: Tags button.
Skip the Tags page and click the Next: Review button.
Review the user details of the read-only account and click the Create User button.
Finally, we have our credentials. Click the Download .csv button and store the password in a safe place. You can’t recover the Secret Access Key or Password, and you will need to reset the account if you lose them.
Share the credentials and the URL next to the “Users with AWS Management Console access can sign-in at” link.
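The following check is an added example, not part of the original page or of coordimap's own code. It takes the JSON that `aws iam list-attached-user-policies`, `aws iam list-user-policies` and `aws iam list-groups-for-user` return for the new user and reports anything that would give the user more than the ReadOnlyAccess policy attached above. The function name and the sample data are assumptions constructed for illustration.

```python
# Added example: audit an IAM user against the setup described on this page.
# Inputs are dicts shaped like the AWS CLI JSON output of the three
# "aws iam list-*" commands named in the lead-in. Sample data is constructed.

READONLY_ARN = "arn:aws:iam::aws:policy/ReadOnlyAccess"


def audit_readonly_user(attached, inline, groups, login_profile_exists):
    """Return a list of findings; an empty list means the user matches the page."""
    findings = []
    arns = [p["PolicyArn"] for p in attached.get("AttachedPolicies", [])]
    if READONLY_ARN not in arns:
        findings.append("ReadOnlyAccess is not attached")
    for arn in arns:
        if arn != READONLY_ARN:
            findings.append(f"extra managed policy attached: {arn}")
    # Inline policies and group memberships can grant write access
    # even when the only directly attached policy is ReadOnlyAccess.
    for name in inline.get("PolicyNames", []):
        findings.append(f"inline policy present: {name}")
    for group in groups.get("Groups", []):
        findings.append(f"member of group: {group['GroupName']}")
    # The page recommends leaving AWS Management Console access disabled.
    if login_profile_exists:
        findings.append("console password is set")
    return findings


# Constructed sample: a user created exactly as described above.
GOOD = dict(
    attached={"AttachedPolicies": [
        {"PolicyName": "ReadOnlyAccess", "PolicyArn": READONLY_ARN}]},
    inline={"PolicyNames": []},
    groups={"Groups": []},
    login_profile_exists=False,
)

# Constructed sample: the same user after permissions drifted.
DRIFTED = dict(
    attached={"AttachedPolicies": [
        {"PolicyName": "ReadOnlyAccess", "PolicyArn": READONLY_ARN},
        {"PolicyName": "AmazonS3FullAccess",
         "PolicyArn": "arn:aws:iam::aws:policy/AmazonS3FullAccess"}]},
    inline={"PolicyNames": ["temp-debug"]},
    groups={"Groups": [{"GroupName": "admins"}]},
    login_profile_exists=True,
)

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("drifted", DRIFTED)):
        print(label, audit_readonly_user(**sample))
```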