The instructions below describe how to set up authentication credentials for managing PKE clusters through Banzai Cloud Pipeline.


Create an AWS user

Log in to the AWS Management Console. Click Services and select IAM.

AWS Services

IAM service


Click Users, then click Add user.

IAM Users

IAM Add User


Enter User name and choose Programmatic access Access type.

IAM User name


Click Next: Permissions to set up permissions for this user:

Choose whether to add a user to a group, copy permissions from an existing user, or attach existing policies directly.

Note: Amazon recommends using groups to manage user permissions.

IAM Create Group


Attach policies

Attach the following Managed policies to the group:

  • AmazonEC2FullAccess
  • IAMFullAccess
  • AWSPriceListServiceFullAccess
  • IAMUserChangePassword
  • AmazonVPCFullAccess
  • AmazonS3FullAccess - only necessary if the same credentials are going to be used for S3 bucket creation operations (e.g.: the creation of a new S3 bucket for centralized log collection)

Create the following Inline policy for the group by clicking on Create Group Policy. Select Custom Policy, then click Select. Provide a policy name (e.g. PKE) and specify the following Policy Document:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "cloudformation:*"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}

Click Apply Policy.

AWS Create Policy


Click Next: Review.

AWS User create review


Click Create user.

AWS Create User


Click Download.csv and save the user's security credentials to your computer. Banzai Cloud Pipeline will ask for these credentials when creating an PKE cluster.

Then click Close to return to the Users page.