MitocGroup/deep-framework

docs/security/secure-aws-credentials.md

Creating secured AWS credentials
--------------------------------

To avoid excessive bills if your AWS account gets hacked,
you can create secured credentials that are limited to what DEEP requires.

These credentials grant access to the following AWS services:
 - [Lambda](https://aws.amazon.com/lambda/)
 - [ElastiCache](https://aws.amazon.com/elasticache/) (disabled until VPC is available in lambdas)
 - [S3](https://aws.amazon.com/s3/)
 - [DynamoDB](https://aws.amazon.com/dynamodb/)
 - [CloudFront](https://aws.amazon.com/cloudfront/)
 - [APIGateway](https://aws.amazon.com/api-gateway/)
 - [Cognito](https://aws.amazon.com/cognito/)
 - [IAM](https://aws.amazon.com/iam/)
 - [SQS](https://aws.amazon.com/sqs/)
 - [ES](https://aws.amazon.com/elasticsearch-service/)

The steps
=========

 - Sign in to the `AWS Console`

![AWS Console login button](assets/console-login.png)

 - Choose `IAM` service from the `Services` dropdown

![Services dropdown](assets/services-dropdown.png)

![IAM Service](assets/iam-service.png)

 - Choose `Users` from the sidebar

![Users sidebar item](assets/users-item.png)

 - Click on the `Add User` button

![Add User button](assets/add-user-button.png)

 - Enter a username into the `User name` text field

![User Name text field](assets/username-textarea.png)

 - Check the `Programmatic access` option in the `Access type` area

![Access type checkbox](assets/access-type-checkbox.png)

 - Click on `Next: Permissions` at the bottom of the page

![Create button](assets/next-permissions-button.png)

 - Select the `Attach existing policies directly` option

![Attach policy button](assets/attach-policy-button.png)

 - Click on the `Create Policy` button

![Create Policy button](assets/create-policy-button.png)

 - In the newly opened tab, click on the `Connect` button for the `Create Your Own Policy` option

![Select button](assets/create-policy-select-button.png)

 - Type a name for the policy in the `Policy Name` text field

![Policy Name text area](assets/policy-name-textarea.png)

 - Copy the content of the [secured IAM policy](assets/aws-secure-deep-policy.json) into the `Policy Document` text area

![Policy Document text area](assets/policy-document-textarea.png)

 - Click on the `Create Policy` button

![Create Policy button](assets/create-policy-button2.png)

 - Switch back to the `Add user` tab and click on the `Refresh` button

![Refresh button](assets/refresh-button.png)

 - Select the newly created policy from the list

![Select policy checkbox](assets/policy-checkbox.png)

 - Click on the `Next: Review` button

![Next Review button](assets/next-review-button.png)

 - Click on the `Create user` button at the bottom of the page

![Create user button](assets/create-user-button.png)

 - Click on the `Download .csv` button to save the credentials

![Download button](assets/download-button.png)

 - Done!

> See the [deploy config](../tools/deploy.md#example-of-deeployjson) for how to use the credentials

> If your credentials are compromised, you can make them inactive by clicking the `Make inactive` link
> in the `Status` section under `Access Keys` of the chosen user ![Make Inactive](assets/make-inactive.png)
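
As an added example (not part of the DEEP project), the following Python script checks a policy document before it is pasted into the `Policy Document` text area and reports every `Allow` entry that reaches beyond the services listed at the top of this page. The IAM action prefixes (including the three Cognito namespaces) and the sample policy are assumptions constructed here; the project's `aws-secure-deep-policy.json` is not reproduced.

```python
import json

# IAM action prefixes for the services listed on this page. Assumption:
# "Cognito" is taken to cover its three IAM namespaces.
ALLOWED_PREFIXES = {
    "lambda", "elasticache", "s3", "dynamodb", "cloudfront", "apigateway",
    "cognito-identity", "cognito-idp", "cognito-sync", "iam", "sqs", "es",
}

def as_list(value):
    """IAM accepts a single string or object wherever a list is allowed."""
    return value if isinstance(value, list) else [value]

def audit_policy(policy_json):
    """Return (statement index, action, reason) for every Allow entry
    that reaches beyond the allowed services."""
    findings = []
    statements = as_list(json.loads(policy_json).get("Statement", []))
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "NotAction" in stmt:
            findings.append(
                (i, "NotAction", "allows everything except the listed actions"))
        for action in as_list(stmt.get("Action", [])):
            # Action names are case-insensitive in IAM.
            prefix = action.split(":", 1)[0].lower()
            if "*" in prefix:
                findings.append((i, action, "wildcard in service prefix"))
            elif prefix not in ALLOWED_PREFIXES:
                findings.append((i, action, "service not in the allowed list"))
    return findings

# Constructed sample policy for the demonstration (not the project's file).
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": ["s3:*", "dynamodb:*", "Lambda:InvokeFunction"]},
        {"Effect": "Allow", "Resource": "*", "Action": "ec2:RunInstances"},
        {"Effect": "Allow", "Resource": "*", "Action": "*"},
        {"Effect": "Deny", "Resource": "*", "Action": "ec2:*"},
    ],
})

if __name__ == "__main__":
    for index, action, reason in audit_policy(SAMPLE_POLICY):
        print(f"Statement {index}: {action}: {reason}")
```

The check looks at service prefixes only; it does not evaluate `Resource` scoping or `Condition` blocks, so a clean result means the policy stays within the listed services, not that each grant is minimal.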