Amazon Web Services (AWS) Credentials Edit on GitHub Request doc changes

Contributors ebarcott akseldavis

To create an Amazon Web Services (AWS) cluster through NetApp Kubernetes Service (NKS), you will either need to create a new set of AWS credentials, or find your existing credential.

To use this feature, you will need an NKS account. If you don’t have one already, you can sign up for a free 30-day trial with no credit card required at https://nks.netapp.io.

After you add your AWS credentials to your NKS account, click here to learn how to create a Kubernetes cluster on AWS

Create a New Set of AWS Credentials

To create an Amazon Web Services (AWS) cluster through NetApp Kubernetes Service (NKS), you will need to:

  1. Create an AWS user.

  2. Create a policy which grants full access to:

    • Autoscaling

    • CloudWatch

    • EC2

    • Elastic Load Balancing

    • IAM

    • Route 53

  3. Attach this policy to the user.

Create an AWS User

To create a user, sign into the AWS Management Console then click Services.

Add Your Amazon Web Services (AWS) Credentials

In the Security, Identity & Compliance column, click IAM.

Add Your Amazon Web Services (AWS) Credentials

Click Users.

Add Your Amazon Web Services (AWS) Credentials

Click Add User.

Add Your Amazon Web Services (AWS) Credentials

Enter the User Name then choose the Access type.

If this user will only be used to access the API, SDK, and other development tools, click Programmatic access. If this user is for someone who will need to log in to the AWS Management Console, choose AWS Management Console access.

Then click Next: Permissions to continue.

Add Your Amazon Web Services (AWS) Credentials

Choose whether to add the user to a group, copy permissions from an existing user, or attach existing policies directly.

Note: Amazon recommends using groups as a "best practice" way to manage user permissions.

Add Your Amazon Web Services (AWS) Credentials

If you need to create a new policy, see the next section for our recommended policy details.

If you choose to add the user to a group, you can either create a new group or select an existing group.

Then click Next: Review to continue.

Add Your Amazon Web Services (AWS) Credentials

Confirm the new user’s information, then click Create user to create the user.

Add Your Amazon Web Services (AWS) Credentials

Click Download .csv and save the user’s security credentials to your computer.

Add Your Amazon Web Services (AWS) Credentials

Then click Close to return to the Users page.

Create an AWS Policy

When creating a new AWS policy, you will need to allow your user full access to the following services:

  • Autoscaling

  • CloudWatch

  • EC2

  • Elastic Load Balancing

  • IAM

  • Route 53

For an easy way to create a single policy to grant all the necessary access, click Policies. You can also access this page from the user account creation process by selecting Attach existing policies directly > Create policy.

Add Your Amazon Web Services (AWS) Credentials

Click Create Policy.

Add Your Amazon Web Services (AWS) Credentials

Click to select Create Your Own Policy.

Add Your Amazon Web Services (AWS) Credentials

Fill out the Policy Name field with a name you will be able to identify, like StackPointCloudPolicy.

Note that you can only use alphanumeric characters plus a few other characters like - and +. You cannot use spaces in the policy name.

Copy the following and paste it into the Policy Document field:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "ec2:*",
            "Effect": "Allow",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "elasticloadbalancing:*",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "cloudwatch:*",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "autoscaling:*",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "route53:*"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "elasticloadbalancing:DescribeLoadBalancers"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": "iam:*",
            "Resource": "*"
        }
    ]
}

Click Create Policy to create the policy and return to the Policy page.

Attach the Policy to an Existing User

Click Users to return to the Users page.

Add Your Amazon Web Services (AWS) Credentials

Click your user account to go to the user management page.

Add Your Amazon Web Services (AWS) Credentials

Click the Permissions tab, then click Attach Policy.

Add Your Amazon Web Services (AWS) Credentials

Type the name of your policy into the Filter field to locate your policy. Tick the box to select the policy, then click Attach Policy to attach it to your user.

Add Your Amazon Web Services (AWS) Credentials

The user account is now ready to be used to create a cluster from the NKS website. The user’s Access Key ID and Secret Access Key are in the credentials.csv file which you downloaded when you created the user.

Find Your Existing AWS Credentials

To create an Amazon Web Services (AWS) cluster through NetApp Kubernetes Service (NKS) you will need your Access Key ID and Secret Access Key. You can find these in the credentials.csv file which you downloaded when you created the user.

You can only view or download the Access Key ID and Secret Access Key when you create the user or the user’s access key. However, you can create new access keys at any time.

Create a New AWS Access Key

If you no longer have the credentials.csv file which you downloaded when you created the AWS user, you can create a new access key at any time.

Sign in to the AWS Management Console. In the Find Services section, search for IAM. Click the search result for IAM: Manage User Access and Encryption Keys.

Add Your Amazon Web Services (AWS) Credentials

Click Users.

Add Your Amazon Web Services (AWS) Credentials

Click the user whose credentials you need to access.

Add Your Amazon Web Services (AWS) Credentials

Click the Security credentials tab.

Add Your Amazon Web Services (AWS) Credentials

If the user has an active access key, delete it. Click Create access key to create a new access key.

Add Your Amazon Web Services (AWS) Credentials

At the prompt, download the credentials.csv file. You can also copy and paste the Access Key ID and Secret Access Key from this pop-up window. Be sure to save credentials.csv in a safe place.

Did this article answer your question? If not, contact us.