AWS Authentication methods using Roles and Access Keys
Cloudockit supports two authentication methods for AWS:
- Method 1 – AWS Access Keys
- Method 2 – AWS Roles
You can use either of the methods described below to sign in to Cloudockit.
Method 1 – AWS Access Keys
Step 1 – Create the access keys
- Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.
- In the navigation pane, choose Users
- Choose the name of the desired user (the one you want to use in Cloudockit), then choose Security Credentials and click on Create Access Keys. If you want to create a new user dedicated to this, please refer to this link: https://www.cloudockit.com/documentation/aws-create-user-for-cloudockit/
- Then, under Secret Access Keys, click on show. Copy the Access Key ID and the Secret Access Key, as they will be used to connect to your AWS Account in Cloudockit.
Step 2 – Login to Cloudockit
- When you are prompted for AWS authentication, select Use Access Keys:
- Then, enter the information you copied in the previous step:
- Then click on Login. You should now see your AWS Account.
Method 2 – AWS IAM Role (Console)
With this method, you create a role that gives your Google or Amazon account specific privileges in your AWS Account, and then connect to Cloudockit using that account.
Step 1 – Login to Cloudockit using Amazon or Google
As Amazon and Google are the identity providers supported by Cloudockit, you need to be logged in with Amazon or Google. This means that if you are currently connected to Cloudockit using AAD authentication, you will be prompted to log in using Amazon or Google (if you are already connected using Amazon or Google, you will not see this prompt):
Once connected using Amazon or Google, you will see this popup. You need to click on Keep Going with this account:
Then, you will see the detailed procedure on how to create the specific Role in AWS that will match your account with the specific provider (AWS or Google) for the Application Cloudockit:
Keep that popup open, as you will need this information to create the role in the AWS Console in the next step:
Step 2 – To create a role (console)
- Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.
- In the navigation pane of the console, choose Roles and then choose Create role.
- Choose the Web identity role type.
- For Identity Provider select Login with Amazon and copy and paste the Application ID supplied below:
Application ID: amzn1.application.689808735…. (the one from Step 1 above, in the popup)
- Click Add condition and complete required fields with the information below:
Key: select www.amazon.com:user_id from the list.
Condition: select StringEquals from the list.
Value: amzn1.account.YourAccountID (the one from Step 1 above, in the popup)
- Click Next: Permissions button to continue.
- To attach permissions policies, search for ReadOnlyAccess policy and select it.
- Also, please add the following policy to allow billing information to be retrieved: https://www.cloudockit.com/aws-troubleshooting/
- Click Next: Review button to continue.
- On the Review page, enter a Role name and click Create role.
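The user_id condition added in Step 2 is what ties the role to one Amazon account; without it, the role can be assumed by any account that signs in through the same application. The following check is an added example, not Cloudockit code: it audits a role's trust policy JSON for that pinning. It assumes the trust policy uses the condition keys www.amazon.com:app_id and www.amazon.com:user_id; the function names and all IDs are constructed placeholders.

```python
# Added example, not Cloudockit code. All IDs are constructed placeholders.
PROVIDER = "www.amazon.com"
REQUIRED_KEYS = (f"{PROVIDER}:app_id", f"{PROVIDER}:user_id")
ACTION = "sts:AssumeRoleWithWebIdentity"


def as_list(value):
    """IAM accepts either one string or a list in most policy fields."""
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy):
    """Return findings for a role trust policy; an empty list means pinned."""
    findings, checked = [], 0
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or ACTION not in as_list(stmt.get("Action", [])):
            continue
        checked += 1
        principal = stmt.get("Principal")
        federated = as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        if federated != [PROVIDER]:
            findings.append(f"statement {i}: principal is not exactly {PROVIDER}")
        # Condition key names are case-insensitive; only plain StringEquals counts.
        exact = {k.lower() for k in stmt.get("Condition", {}).get("StringEquals", {})}
        for key in REQUIRED_KEYS:
            if key.lower() not in exact:
                findings.append(f"statement {i}: no StringEquals condition on {key}")
    if checked == 0:
        findings.append(f"no Allow statement for {ACTION}")
    return findings


def statement(conditions):
    """Build a constructed trust policy with the given StringEquals conditions."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": PROVIDER},
        "Action": ACTION,
        "Condition": {"StringEquals": conditions},
    }]}


PINNED = statement({"www.amazon.com:app_id": "amzn1.application.EXAMPLE",
                    "www.amazon.com:user_id": "amzn1.account.EXAMPLE"})
APP_ONLY = statement({"www.amazon.com:app_id": "amzn1.application.EXAMPLE"})

if __name__ == "__main__":
    for name, doc in (("PINNED", PINNED), ("APP_ONLY", APP_ONLY)):
        print(name, audit_trust_policy(doc) or "ok")
```

To run it against a real role, load the JSON shown on the role's Trust relationships tab and pass it to audit_trust_policy.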
Step 3 – Sign in to Cloudockit using AWS Role
First, you need to get the Role ARN of the role that you just created:
- In the navigation pane of the console, choose Roles and click on the name of the role that you created to give access to Cloudockit (see Creating an IAM Role (Console) to create a Web identity role).
- On the Summary page of the selected role, copy the value in the Role ARN field and paste it into Role to assume in the login popup.
In the popup that you left open, enter the role to assume:
Then, click on Login.
You should now see the list of AWS Accounts.