Connect your AWS Account
Now that you are logged in Cloudockit (click here if you are not logged in yet), you can connect your AWS Acccount.
From the list of platforms, select AWS.
You will be prompted with multiple options to connect to your AWS Account:
- Use Access Keys
- Use another account (AWS Role)
Use Access Keys
With this method, you are using AWS Access Keys to connect your AWS Account. Here are the steps to create the required keys and log in with those keys.
Step 1 – Create the access keys
- Sign into the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.
- In the navigation pane, choose Users
- Choose the name of the desired user (the one you want to use in Cloudockit) (If you want to create a new user dedicated for this, please refer to this link : https://www.cloudockit.com/documentation/aws-create-user-for-cloudockit/) , and then choose the Security Credentials and click on Create Access Keys
- Then, under Secret Access Keys, click on show. Copy the Access Key ID and the Secret Access Key as they will be used to connect to your AWS Account in Cloudockit
Step 2 – Login to Cloudockit
- When you will be prompted for the AWS authentication, select Use Access Keys :
- Then, enter the information you copied in the previous step:
- Then click on Login. You should now see your AWS Account.
Use another account (AWS Role)
By using this method, you create a AWS role that will allow your Google or Amazon account to have specific privileges in your AWS Account and then connect to Cloudockit using this account.
Step 1 – Login to Cloudockit using Amazon or Google
As Amazon and Google are the ID Providers supported by Cloudockit, you need to be logged in with Amazon or Google. If you are currently connected to Cloudockit using an AAD authentication, you will be prompted to log in using Amazon or Google (if you are already connected using Amazon and Google you will not see that):
Once connected using Amazon or Google, you will see the following popup. You need to click on Keep Going with this account:
Then, you will see the detailed procedure on how to create the specific Role in AWS that will match your account with the specific provider (AWS or Google) for the Application Cloudockit :
You need to keep that popup open as you will need this information to create the role in the AWS Console in the next step:
Step 2 – To create a role (console)
Sign into the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.
- In the navigation pane of the console, choose Roles and then choose Create role
- Choose the Web identity role type
- For Identity Provider select Login with Amazon and copy and paste the Application ID supplied below:
Application ID: amzn1.application.689808735…. (the one from step 1 – in the popup)
- Click Add condition and complete required fields with the information below:
Key: select www.amazon.com:user_id from the list
Condition: select StringEquals from the list
Value: amzn1.account.YourAccountID (the one from the step 1 above – in the popup)
- Click Permissions button to continue
- To attach permissions policies, search for ReadOnlyAccess policy and select it
- Also, please add the following policy to allow billing information to be retrieved : https://www.cloudockit.com/aws-troubleshooting/
- Also, if you want to drop the document in a S3 Bucket, you need to ensure that you have the Write privileges to this bucket : https://www.cloudockit.com/aws-troubleshooting/
- Click the Review button to continue
- On the Review page, enter Role name and click Create role
First, you need to get the Role ARN that you just creates:
Step 3 – Sign into Cloudockit using AWS Role
- In the navigation pane of the console, choose Roles and click on the role name you gave access to Cloudockit (see Creating an IAM Role (Console) to create a Web identity role)
- In the Summary page of the selected role, copy the value in Role ARN field and paste it into Role to assume in login popup
In the popup that you left open, enter the role to assume :
Then, click on Login.
You should now see the list of AWS Account.