How do I use IAM with Kumolus without an Access Key?
What is AWS Identity and Access Management (IAM)?
IAM provides a way of securely controlling access to your AWS services and resources. IAM allows you to create users or groups and assign them the required access permissions. To read more, visit AWS - IAM documentation.
Can I use IAM with Kumolus?
Yes. Although Kumolus maintains its database of users itself or integrates with your SAML-connected directory for it, Kumolus allows you to enforce individual users and permissions within the Kumolus Platform.
Because it is against AWS best practice, Kumolus doesn't support the use of root credentials to connect to the Platform.
First of all, you will need to create three policies, one for each type of account that you can have:
- Normal Account - where you are running your production, pre-production or development environment.
- Backup Account - where you archive your images (AMIs) and backup data.
- Consolidated Billing Account - which you would like to centralize and control through Kumolus.
You have to create these policies on each account that you have, according to your classification. It is entirely possible to have an account with more than one of these policies.
When using the Kumolus SaaS Application - you will need to first create a role in your AWS account with relevant cross-account permissions for Kumolus to access your AWS Account and its resources.
When deploying the Enterprise Appliance in AWS - you will need to first create a role to be assigned to the AMI that will then provide credentials into the other AWS accounts you will be managing.
- Single Account - All your systems are running on a single AWS account and your billing is on the same account.
- Multiple Accounts - You have different AWS accounts for Production, Backup and Consolidated Billing, for which you previously created the policies.
Then you have to set cross-account access for the Kumolus application.
Launch the Kumolus instance so that it uses the role instead of access and security keys.
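The two roles described above (the cross-account role for the SaaS application and the instance role for the Enterprise Appliance) differ mainly in their trust policies; the following is an added example, not Kumolus's own code, that builds both and audits a trust policy for over-broad trust. The account ID and external ID are placeholders, and the sts:ExternalId condition is AWS's general recommendation for third-party cross-account roles rather than something this page specifies.

```python
import json

# Placeholders (assumptions): the page does not give Kumolus's AWS account ID
# or an external ID; use the values shown in your own Kumolus setup.
VENDOR_ACCOUNT_ID = "111122223333"
EXTERNAL_ID = "example-external-id"

def saas_trust_policy(vendor_account_id, external_id):
    """Trust policy for the cross-account role assumed by the SaaS application."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        # ':root' names the whole vendor account as principal, not its root user.
        "Principal": {"AWS": f"arn:aws:iam::{vendor_account_id}:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
    }]}

def appliance_trust_policy():
    """Trust policy for the role attached to the Enterprise Appliance instance."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "ec2.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }]}

def audit_trust_policy(policy):
    """Return findings for Allow statements that trust too broadly."""
    findings = []
    stmts = policy.get("Statement", [])
    for i, stmt in enumerate([stmts] if isinstance(stmts, dict) else stmts):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        aws = principal.get("AWS", []) if isinstance(principal, dict) else [principal]
        aws = [aws] if isinstance(aws, str) else aws
        cond = stmt.get("Condition", {})
        has_ext = any("sts:ExternalId" in keys for op, keys in cond.items()
                      if op.startswith("StringEquals"))
        if "*" in aws:
            findings.append(f"statement {i}: wildcard principal")
        elif aws and not has_ext:
            findings.append(f"statement {i}: AWS principal without sts:ExternalId condition")
    return findings

if __name__ == "__main__":
    print(json.dumps(saas_trust_policy(VENDOR_ACCOUNT_ID, EXTERNAL_ID), indent=2))
    print(audit_trust_policy(appliance_trust_policy()))
```

The JSON printed for either policy can be saved to a file and passed to `aws iam create-role --assume-role-policy-document file://...` when creating the role.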