Note: Please go to docs.rightscale.com to access the current RightScale documentation set. Also, feel free to Chat with us!
Home > Tutorials > RightScale > Upgrade Your Account > Sign up for Amazon Web Services (AWS)

Sign up for Amazon Web Services (AWS)

logo_aws.gif

Table of Contents

Objective

To create a new AWS account and sign up for the required Amazon Web Services (EC2, S3, etc.) so that afterwards you can create a RightScale account that uses your new AWS cloud credentials.

Background Information

Before you can create a RightScale account and start launching EC2 instances using the RightScale Dashboard, you must first have valid AWS credentials so that you can use Amazon's web services. You can either sign-up for a new AWS account or use existing AWS credentials. This tutorial assumes that you are creating a new AWS account. 

At the end of each month, Amazon will charge your credit card for the cloud-related usage costs associated with your AWS account. EC2 instance usage is not included with any RightScale account. You will need to provide unique and valid AWS credentials when you create a new RightScale account. Cloud credentials cannot be associated with more than one RightScale account.

You will need to provide the following information to add the AWS cloud and its services to your RightScale account.

  • AWS Account Number
  • AWS Access Key
  • AWS Secret Access Key

 

About AWS Access Keys

Amazon issues two kinds of access key IDs to authenticate requests between instances. Your public access key identifies you as the originator of a request, but it's not encrypted. Your secret access key is used to calculate a specific request signature that authenticates you as the true user for services that require authentication on your instances. As the name suggests, this key should be kept private. 

Important! 

  • If you create a new set of access keys, be sure to update your AWS Credentials in the RightScale otherwise you will not be able to manage your AWS resources because you will not be able to make successful (authenticated) requests to AWS from RightScale.
  • Your Secret Access Key is sensitive information. Be sure to store the secret access key in a secure location. If your keys are ever compromised, you should generate a new access key immediately.

Prerequisites

If you're creating a new Amazon account, you will need to provide a valid credit card and phone number to complete the sign-up process.

Steps

Create a AWS Account 

  1. Go to http://aws.amazon.com and complete the sign-up process for Amazon Web Services.

Retrieve the AWS Security Credentials

You can either use your AWS account's own security credentials that grant 'administrator' level access to your AWS account's services and resources or you can create a unique user with Amazon's Identity and Access Management (IAM) service that's specific for the RightScale platform for more granular access control. Your choice will determine the level of access that users of the RightScale account may be allowed to perform using the RightScale Cloud Management Dashboard/API.

  1. Use the AWS Account's Security Credentials

  2. Use IAM with RightScale

Use the AWS Account's Security Credentials
  1. Log in to the AWS Management Console (https://console.aws.amazon.com).
  2. The next steps will depend on whether or not you use IAM to create a user profile that's specific for the RightScale platform.
  3. Go to the Security Credentials section. Note: You do not have to get started with IAM at this time.
    screen-Nav_Security_Credentials_v2.png
  4. Expand the Access Keys section and click the Create New Root Key button to generate a new access key for the AWS account. A pop-up window will display your AWS account's Access Key ID, along with a link to download your Secret Access Key. You will need both the Access Key ID and Secret Access Key to add the AWS cloud and its services to your RightScale account. 

    Important! This is the only time that you will be given the Secret Access Key. This is highly sensitive information. Be sure to store the secret access key in a secure location. If your keys are ever compromised, you should generate a new access key pair immediately. 

    screen-Access_Keys_v1.png

     
  5. Go to the Account Identifiers section and expand the view to find your 12-digit AWS account number. (e.g. 1234-1234-1234) All cloud resources and services will be associated with this unique account identifier (not your email address). You will need to provide your AWS Account ID when you add the AWS cloud and its services to your RightScale account. 
    screen-Account_Number-v1.png
  6. You are now ready to ​Add AWS Credentials to RightScale.
Use IAM with RightScale

Perhaps you're currently using IAM to manage your AWS account's resources and services and wish to grant RightScale access to your account by using an IAM user instead of using your account's default security credentials. (e.g. AWS Access Key ID and AWS Secret Access Key)

Follow the steps below to create a user profile in IAM that's specifically designed for use by the RightScale platform to access and manage your account.

  1. Log in to the AWS Management Console (https://aws.amazon.com)
  2. Go to the IAM section. 
    screen-IAM-Link-v1.png
  3. Go to the Users section in the left-hand navigation pane and click Create New Users.
  4. Create a new user profile that the RightScale platform will use to access and manage your AWS account's resources and services. (e.g. RightScale) Make sure you auto-generate an access key because you will need it to add/update the AWS credentials associated with your RightScale account.

screen-IAM_Create_User-v1.png
 

  1. Save the user's security credentials.
    • Access Key ID
    • Secret Access Key

screen-IAM_User_Creds-v2.png
 

  1. Close the page and select the newly created user (e.g. RightScale) by clicking on the name (not the checkbox).
  2. The next step is to define the User Policy (i.e. user permissions) that will be granted to the new (RightScale) user. Both options outlined below are safe and secure. Since this User Policy will affect how the RightScale platform interacts with your AWS account's services and resources, it's important to use a policy that has the minimum set of permissions that's required by RightScale. Both options below will ensure full functionality within the RightScale cloud management platform and related services such as RightScale's Cloud Analytics.


Screen-IAM_Policy_Options-v1.png
 

  1. Option 1 (Recommended) - Grant Administrator Access to RightScale, which is essentially the same level of access that would be granted to RightScale if you were not using IAM and simply used your AWS account's Access Key ID and Secret Access Key. To do this, click on the "Attach Policy" button, then select "AdministratorAccess" and click Attach Policy.
  2. Option 2 - Create an inline policy. If you select this option, click to expand the Inline Policies section, and click through to create one. Then select Custom Policy. Provide a useful name for the custom user policy (e.g. RightScale_Connection) and start by copying and pasting the provided source code below into the "Policy Document" text field. The following user policy provides the minimum set of permissions required to support full functionality within RightScale's Cloud Management and Cloud Analytics dashboards. If you want to create a user policy that only supports RightScale Cloud Analytics and not cloud management, please use the "ReadOnlyAccess" policy in Option 1.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "cloudfront:*",
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::*"
    },
    {
      "Action": "elasticloadbalancing:*",
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": "sqs:*",
      "Effect": "Allow",
      "Resource": "arn:aws:sqs:*"
    },
    {
      "Action": "rds:*",
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": "sns:*",
      "Effect": "Allow",
      "Resource": "arn:aws:sns:*"
    },
    {
      "Action": "ec2:*",
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": "cloudformation:*",
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": "directconnect:*",
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Action": "route53:*",
      "Effect": "Allow",
      "Resource": "arn:aws:route53:::*"
    },
    {
      "Action": [
        "iam:DeleteServerCertificate",
        "iam:GetServerCertificate",
        "iam:ListServerCertificates",
        "iam:UpdateServerCertificate",
        "iam:UploadServerCertificate"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:iam::*:server-certificate/*"
    }
  ]
}
  1. Once you've made your User Policy selection and defined its set of permissions, click Apply Policy to save and apply your changes.
  2. Congratulations! You just created an IAM user with a unique set of security credentials and an appropriate user policy. The next step is to use this information to either add the AWS cloud account to your RightScale account or update a previously configured RightScale account to use the 'RightScale' IAM user profile instead of your AWS account's default (admin) security credentials. You will need the following information to add/update your RightScale account.
    • Access Key ID and Secret Access Key (of the new 'RightScale' user you just created)
    • AWS Account Number (Tip: You can quickly retrieve the 12-digit ID by clicking the Summary tab. See screenshot.)
  3. You are now ready to Add AWS Credentials to RightScale.

 

 

You must to post a comment.
Last modified
10:52, 11 Apr 2014

Tags

Classifications

This page has no classifications.

Announcements

None


© 2006-2014 RightScale, Inc. All rights reserved.
RightScale is a registered trademark of RightScale, Inc. All other products and services may be trademarks or servicemarks of their respective owners.