Adding AWS authorization¶
AWS authorization is achieved by linking an AWS IAM user with your local instance of the Bcome client.
If you want to integrate an AWS account, then follow the steps here.
Note
You may connect as many AWS accounts as you like, and mix with as many accounts from other cloud providers.
Bcome will allow you to interact with them all in the same project.
Create directory structure¶
Create a directory named .aws
in the root of your project directory.
If you’ve correctly setup your project directory structure (see: Getting Started), your directory structure should now look like:
.
├── .aws
├── Gemfile
└── bcome
└── networks.yml
Generate an AWS access key and secret access key¶
From within your chosen AWS account, generate a secret key and secret access key for the IAM user you wish to link to Bcome. This IAM user should have:
- Programmatic access to the AWS API
- As minimum, an associated policy of
AmazonEC2ReadOnlyAccess
Have a look here for an AWS guide on how to do this.
The Bcome framework will use this key & secret in order to conduct queries against Amazon’s EC2 API. This allows Bcome to populate your instance with resources from your account.
Note
If you add custom orchestration to Bcome that requires access to features other than EC2, you will of course need to augment the permissions available to your IAM user.
Add the AWS keys to your bcome project¶
Create a file named keys
in your .aws directory
Within this file, create a key to reference your AWS account e.g. my_key
And then within your keys file add in the following yaml:
---
my_key:
aws_access_key_id: [your access key]
aws_secret_access_key: [your secret access key]
Warning
Do not commit your keys
file to source control.
Configuring multiple AWS accounts¶
You can add as many AWS accounts as you like. This allows you to work with machines from disparate accounts within the same project.
Given a second AWS account referenced by the key ‘my other key’, your keys file would look as follows:
---
my_key:
aws_access_key_id: [your access key]
aws_secret_access_key: [your secret access key]
my_other_key:
aws_access_key_id: [second access key]
aws_secret_access_key: [second secret access key]
Note
For a demonstration of an AWS authorization in use, please see the AWS EC2 authentication guide
Hint
To add your AWS authorization to your network configuration, see Network Configuration.