AWS Credential Configuration with Cloudlytics

Steps to configure AWS (Credentials) with Cloudlytics

Author: Abhijeet Chinchole

abhijeet.chinchole@blazeclan.com

Step 1: Create an Access Policy in your AWS Account

    1. Log in to your AWS account and select IAM (Identity and Access Management) from the console
    2. Go to the Policies tab and click on Create Policy

Steps:

    1. Select Create Your Own Policy
    2. Name the policy
    3. Give a brief description of the policy
    4. Add the policy document (Get policy document here)
    5. Update the ARNs for the services in the policy (S3, SQS, CloudWatch Logs)
    6. Click on Validate Policy
    7. Correct errors (if any)
    8. Click on Create Policy

Step 2: Create Third Party Access Role

    1. Go to IAM (Identity and Access Management)
    2. Click on Create New Role
    3. Give the role a valid name
    4. On the next page, select the role type “Role For Cross Account Access”
    5. Select "Provide access between your AWS account and a 3rd party AWS account" and go to the next step
    6. Enter the Cloudlytics account number 891776519288
    7. Then enter the External ID

(NOTE: The External ID will be a secret token between you and Cloudlytics to access your AWS resources as per the access policy. We highly recommend that the External ID be a combination of random characters with a minimum length of 10.)

    8. Uncheck the Required MFA checkbox
    9. Go to the next step
    10. In this step, attach the policy that we created previously
    11. After selecting the policy, go to the next step
    12. This is the review step. Review all details carefully
    13. If everything is fine with the role, create the role.
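
The role created in Step 2 carries a trust policy that names the Cloudlytics account and requires the External ID. The Python sketch below is an added example, not part of the original guide or Cloudlytics' own tooling: it generates a random External ID, builds the trust policy in the standard IAM form, and audits a policy for the account number and External ID condition described above. The function names are hypothetical.

```python
import json
import secrets

CLOUDLYTICS_ACCOUNT = "891776519288"  # account number entered in the role wizard
MIN_EXTERNAL_ID_LEN = 10              # minimum length recommended in the note

def new_external_id(nbytes=24):
    """Random URL-safe token from the OS CSPRNG (24 bytes -> 32 characters)."""
    return secrets.token_urlsafe(nbytes)

def build_trust_policy(external_id):
    """Standard IAM trust policy for a third-party role guarded by an External ID."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{CLOUDLYTICS_ACCOUNT}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }

def audit_trust_policy(policy):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):      # IAM also accepts a single statement object
        statements = [statements]
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else principal.get("AWS", [])
        for p in [aws] if isinstance(aws, str) else aws:
            if p != CLOUDLYTICS_ACCOUNT and not p.startswith(f"arn:aws:iam::{CLOUDLYTICS_ACCOUNT}:"):
                findings.append(f"statement {i}: unexpected principal {p}")
        ext = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if not ext:
            findings.append(f"statement {i}: no sts:ExternalId condition")
        elif len(ext) < MIN_EXTERNAL_ID_LEN:
            findings.append(f"statement {i}: External ID shorter than {MIN_EXTERNAL_ID_LEN}")
    return findings

if __name__ == "__main__":
    policy = build_trust_policy(new_external_id())
    print(json.dumps(policy, indent=2))
    print(audit_trust_policy(policy) or "no findings")
```

The same audit can be run on the JSON shown in the role's Trust Relationships tab after loading it with json.loads.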

Step 3: Create Credential in Cloudlytics Account

  1. After successful creation of the role, create a credential in your Cloudlytics account so that we can read your logs
  2. Log in to Cloudlytics
  3. Go to the Credentials tab
  4. Click on Add New Credential or the “+” button
  5. Enter the Role ARN, the External ID and a tag for the credential
  6. The Role ARN is the Amazon Resource Name (ARN) of the role that we created earlier
  7. To get the ARN of the role, go to the AWS Console:
    1. Go to IAM (Identity and Access Management)
    2. Click on Roles
    3. Select the role that we created previously
  8. The Role ARN of the role is shown here
  9. To get the External ID, go to the Trust Relationships tab

(NOTE: The External ID in the AWS role and in the Cloudlytics credential must be the same.)

  10. After filling in all the details, the credential is ready.
  11. The credential can be used to configure multiple streams and will allow Cloudlytics to read logs from your AWS account.
