Obtaining an Access key and Secret key

To monitor the Amazon cloud infrastructure, the eG agent has to be configured with the access key and secret key of a user with a valid AWS account.

To do this, follow these broad steps:

  1. Create a special user on the AWS cloud for monitoring purposes.
  2. Configure the eG agent with the access key and secret key of the special user.

To create a user on the AWS cloud, do the following:

  1. Log in to the AWS management console as a root user.
  2. After logging in, click on the Services tile in the Title bar of the AWS console that appears, select the All services option within, scroll down the list of services that appears, and select the IAM option (see Figure 1).

    Figure 1 : Selecting the IAM option

  3. Figure 2 will then appear. The first step in creating a user is to create a policy that defines the rights and privileges of that user. To create a policy, click on the Policies link in the left panel (as indicated by Figure 2).

    Figure 2 : Clicking on the Policies link in the left panel

  4. Figure 3 will then appear, listing all the existing policies. Click on Create Policy to create a new policy.

    Figure 3 : Clicking on Create Policy

  5. Figure 4 will then appear. Click on the JSON tab page in Figure 4.

    Figure 4 : Switching to the JSON tab page

  6. Figure 5 will then appear.

    Figure 5 : The JSON tab page

  7. Replace the contents of the JSON tab page with the following (see Figure 6):

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Action": [
                    "acm:DescribeCertificate",
                    "acm:ListCertificates",
                    "acm:GetCertificate",
                    "acm:*Certificate",
                    "autoscaling:Describe*",
                    "budgets:Describe*",
                    "cloudfront:List*",
                    "cloudfront:GetDistributionConfig",
                    "cloudfront:GetStreamingDistributionConfig",
                    "cloudsearch:Describe*",
                    "cloudtrail:DescribeTrails",
                    "cloudtrail:GetTrailStatus",
                    "cloudwatch:Describe*",
                    "cloudwatch:Get*",
                    "cloudwatch:List*",
                    "dynamodb:List*",
                    "dynamodb:Describe*",
                    "ec2:Describe*",
                    "ec2:Get*",
                    "ecs:List*",
                    "ecs:Describe*",
                    "elasticache:Describe*",
                    "elasticache:List*",
                    "elasticbeanstalk:Describe*",
                    "elasticbeanstalk:List*",
                    "elasticfilesystem:Describe*",
                    "elasticloadbalancing:Describe*",
                    "elasticmapreduce:Describe*",
                    "elasticmapreduce:List*",
                    "iam:Get*",
                    "iam:List*",
                    "iam:GenerateCredentialReport",
                    "iot:Describe*",
                    "iot:List*",
                    "kinesis:List*",
                    "kinesis:Describe*",
                    "kinesis:Get*",
                    "lambda:List*",
                    "logs:Get*",
                    "logs:Describe*",
                    "logs:FilterLogEvents",
                    "logs:TestMetricFilter",
                    "logs:PutLogEvents",
                    "opsworks:Describe*",
                    "polly:Describe*",
                    "polly:GetLexicon",
                    "polly:ListLexicons",
                    "rds:Describe*",
                    "rds:List*",
                    "redshift:Describe*",
                    "redshift:ViewQueriesInConsole",
                    "route53:List*",
                    "s3:Get*",
                    "s3:List*",
                    "s3:*Object",
                    "s3:Object*",
                    "ses:ListIdentities",
                    "ses:Get*",
                    "support:*",
                    "sns:Get*",
                    "sns:List*",
                    "sns:Publish",
                    "sqs:List*",
                    "sqs:Get*",
                    "storagegateway:Describe*",
                    "storagegateway:List*",
                    "waf:List*",
                    "waf:Get*",
                    "workspaces:Describe*",
                    "Organizations:List*",
                    "Organizations:Describe*",
                    "appstream:ListAssociated*",
                    "appstream:Describe*",
                    "ce:Get*"
                ],
                "Effect": "Allow",
                "Resource": "*"
            }
        ]
    }

     

    Note:

    If you copy the above code block directly from this document and paste it in the JSON tab page, you will find that the page numbers in the document also get copied on to the tab page inadvertently. Therefore, after copying the code block to the JSON tab page, make sure you remove the page numbers from the code block and then proceed.

    Figure 6 : Replacing the contents of the JSON tab page

  8. Then, click the Next button in Figure 6 to review the policy that you have defined. This will open Figure 7, where you have to provide a name for the new policy and a brief description of the policy.

    Figure 7 : Reviewing the policy

  9. Scroll down Figure 7 to view the Permissions section. This section (see Figure 8) lists all the services that this policy allows access to, the level of access (whether Full or Limited), and the resources that can be accessed.

    Figure 8 : Viewing the Permissions defined within the policy

  10. Scroll down further and click the Create policy button (see Figure 9) to create the policy.

    Figure 9 : Reviewing permissions and clicking on the Create policy button

  11. Figure 10 will then appear, displaying the new policy.

    Figure 10 : Verifying whether the new policy appears in the list of policies

  12. Now, proceed to create a new user. For that, first click the Users option in the left panel (as indicated by Figure 10). Figure 11 will then appear, listing the existing users. Here, click on the Create user button to create a new user.

    Figure 11 : Clicking on the Create user button

  13. Figure 12 will then appear. Specify the new User name here. Then, click the Next button to proceed.

    Figure 12 : Specifying the name of the new user

  14. This will invoke Figure 13. Select the Attach policies directly option from the Permission options section, so you can assign the policy you created previously to the new user. Then, scroll down to view the Permissions policies section. Specify the name of the new policy you created in the Search text box here, to locate that policy. Once the policy name is displayed in the search results, select the check box that is available alongside the policy name, to attach the policy to the new user. Finally, click the Create policy button in Figure 13.

    Figure 13 : Assigning the policy to the new user

  15. Figure 14 will then appear. Review your user specifications using Figure 14, and if satisfied, click the Create user button therein to create the new user.

    Figure 14 : Reviewing user details

  16. Figure 15 will then appear. You will see that the user you created is appended to the Users list in Figure 15. Click on the View user button indicated by Figure 15.

    Figure 15 : Clicking on the View user button

  17. When Figure 16 appears, you will see that it displays the details of the new user. Now, proceed to generate an access key for the new user. For that, click on the Create access key link indicated by Figure 16.

    Figure 16 : Clicking on the Create access key link

  18. Figure 17 will then appear. Start access key creation by indicating the Use case, i.e., the reason why you need an access key. In our example, the access key is required so that third-party software, like the eG agent, can use it to connect to the AWS cloud and monitor it. So, select the Third-party service option (see Figure 17).

    Figure 17 : Indicating the Use case for the access key

  19. Then, scroll down Figure 17 to read Microsoft's recommendation. Typically, Microsoft discourages the use of long-term credentials like access keys, and instead encourages the use of temporary security credentials. To proceed with the access key generation, read Microsoft's advice, and then select the 'I understand...' check box that you see in Figure 18. This way, you indicate that you are aware of Microsoft's recommendation but still want to proceed with access key generation. Then, click the Next button to move on.

    Figure 18 : Reading Microsoft's recommendation and still choosing to generate access key

  20. Figure 19 will then appear. Describe the purpose of the access key in the Description tag value text area in Figure 19. Finally, click the Create access key button in Figure 19 to proceed with the access key generation.

    Figure 19 : Specifying the purpose of the access key against Description tag value

  21. This will lead you to Figure 20, where the Access key and the Secret key (in encrypted form) will be displayed. Click the Show link adjacent to the Secret key to view the key in the decrypted form (see Figure 21). Then, copy both the Access key and Secret key to a text editor.

    Figure 20 : Viewing the Access key and Secret key

    Figure 21 : Viewing the secret key in the decrypted form

  22. Make sure to configure the eG tests with the access key and secret key that you have copied to the editor.
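
Before attaching the policy JSON pasted into the JSON tab page above, it helps to know which of its Action patterns go beyond read-only verbs. The following Python check is an added example, not part of eG's documentation or product: it parses the pasted text (which fails if stray page numbers were copied in) and lists the patterns to review. The sample policy is a constructed subset of the one above, and the read-only prefix list is an assumption of this example; the check looks at action names only.

```python
import json

# Verb prefixes this check treats as read-only (an assumption of this example;
# IAM matches action names case-insensitively, so compare in lower case).
READ_PREFIXES = ("describe", "get", "list", "view")

# Constructed sample: a few actions taken from the policy in the steps above.
SAMPLE_POLICY = """
{
  "Version": "2012-10-17",
  "Statement": [{
    "Action": ["acm:ListCertificates", "acm:*Certificate", "ec2:Describe*",
               "logs:PutLogEvents", "s3:Get*", "s3:*Object", "s3:Object*",
               "sns:Publish", "support:*", "ce:Get*"],
    "Effect": "Allow",
    "Resource": "*"
  }]
}
"""

def review_reason(action):
    """Return why an action pattern needs review, or None if it looks read-only."""
    _service, _, name = action.partition(":")
    if name.startswith("*"):
        return "leading wildcard matches any verb"
    if not name.lower().startswith(READ_PREFIXES):
        return "verb is not Describe/Get/List/View"
    return None

def as_list(value):
    """IAM allows a single string or object where a list is expected."""
    return value if isinstance(value, list) else [value]

def audit(policy_text):
    """Parse pasted policy JSON; return [(action, reason)] for Allow statements.

    json.loads raises ValueError if stray text (such as a copied page
    number) has broken the document.
    """
    findings = []
    for statement in as_list(json.loads(policy_text)["Statement"]):
        if statement.get("Effect") != "Allow":
            continue
        for action in as_list(statement.get("Action", [])):
            reason = review_reason(str(action))
            if reason:
                findings.append((action, reason))
    return findings

if __name__ == "__main__":
    for action, reason in audit(SAMPLE_POLICY):
        print(f"{action:22} {reason}")
```

A pattern that appears in the output is not necessarily wrong for monitoring; it is one whose name alone does not show it to be read-only, so it is worth confirming against what the agent actually needs.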