
How to avoid storing access credentials on your Cloud Access Server for AWS

Storing access credentials in plain text on the Cloud Access Server is always a slightly insecure way of handling credentials, and should be avoided whenever there is an alternative.

Luckily AWS provides such a mechanism and you are encouraged to take advantage of this feature for all your AWS accounts that you want to link to your Hybrid Cloud at xPlore.Cloud. You can learn more about this AWS feature here.

In this blog post I am going to show you how to do this in a few easy steps.

Step 1: Log into your AWS console, head over to the IAM console, click on Roles in the left panel and then click on the Create Role button.

Step 2: On the Create Role screen, select AWS Service for the type of trusted entity and EC2 for the service that will use this role, then scroll down and choose EC2 for your use case. Then click the Next:Permission button in the bottom right.

https://blog.xplore.cloud/_static/ss/blog-cas-1.png

Fig 1: Select AWS Service for type of trusted entity and EC2 for the service that will use this role

https://blog.xplore.cloud/_static/ss/blog-cas-2.png

Fig 2: Scroll down and choose EC2 for your use case

Step 3: In the search box, start typing PowerUser. From the filtered list that appears below, check the checkbox against the entry PowerUserAccess and click the Next:Review button in the bottom right.

https://blog.xplore.cloud/_static/ss/blog-cas-3.png

Fig 3: Check the checkbox against the entry PowerUserAccess

Step 4: Provide a meaningful name to the role, e.g. xploreCloudAccessServer, optionally write a description and click the Create role button in the bottom right. This should create the role for you and you should be able to see it in the list on the next page.

https://blog.xplore.cloud/_static/ss/blog-cas-4.png

Fig 4: You should be able to see the newly created Role in the list on the next page

Step 5: Now head over to the EC2 console, select the US West (Oregon) region from the Regions dropdown at the top-right and click on the Launch instance button.

Step 6: Click on the Community AMIs tab on the left panel, type xplore.cloudaccess in the search box and press Enter. You should get only one AMI back, and its name should be of the form xPlore.CloudAccessServer-Ver-x-y-z, where x, y and z would be numbers, e.g. xPlore.CloudAccessServer-Ver-1.2.0. Click Select for this one. On the next screen, select the instance type you want to launch and click the Review and Launch button in the bottom right.

Step 7: On the review screen, set up a proper security group, give the server a meaningful name tag from the Tags section and then click on the Edit instance details link on the right. On this form, for the field IAM role, select the role you just created. Then click Launch.

https://blog.xplore.cloud/_static/ss/blog-cas-5.png

Fig 5: For the field IAM role, select the role you just created

And that is all there is to it!

From this server, the CAS code will be able to access the AWS API endpoints and run commands without having to send any credentials at all.
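A check to run on the Cloud Access Server once the role is attached, as an added example that is not part of the original post or of the xPlore.Cloud code: the default credential chain of the AWS CLI and SDKs tries environment variables and the shared credentials files before the instance role, so leftover static keys would still be picked up. It assumes the standard ~/.aws locations (where the CAS keeps its own configuration is not stated here), and the sample file and key values in demo() are constructed.

```python
import configparser
import os
import tempfile

# Static-credential settings that the AWS CLI/SDK default chain reads before
# it falls back to the instance role.
ENV_KEYS = ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN")
FILE_KEYS = ("aws_access_key_id", "aws_secret_access_key", "aws_session_token")


def find_static_credentials(environ, paths):
    """Return sorted findings naming where static AWS keys are set (names only, never values)."""
    findings = [f"env:{name}" for name in ENV_KEYS if environ.get(name)]
    for path in paths:
        if not os.path.isfile(path):
            continue  # no file at all is the desired state
        parser = configparser.RawConfigParser()  # no % interpolation of values
        try:
            parser.read(path)
        except (configparser.Error, UnicodeDecodeError):
            findings.append(f"file:{path}:unparseable")
            continue
        for section in parser.sections():
            for key in FILE_KEYS:
                if parser.has_option(section, key) and parser.get(section, key).strip():
                    findings.append(f"file:{path}:[{section}]:{key}")
    return sorted(findings)


def demo():
    """Audit constructed sample data before and after the static keys are removed."""
    with tempfile.TemporaryDirectory() as tmp:
        creds = os.path.join(tmp, "credentials")
        with open(creds, "w") as fh:  # constructed file, placeholder values
            fh.write("[default]\naws_access_key_id = CONSTRUCTED-KEY-ID\n"
                     "aws_secret_access_key = CONSTRUCTED-SECRET\n"
                     "[role-only]\nregion = us-west-2\n")
        before = find_static_credentials({"AWS_ACCESS_KEY_ID": "CONSTRUCTED-KEY-ID"}, [creds])
        os.remove(creds)
        after = find_static_credentials({"AWS_DEFAULT_REGION": "us-west-2"}, [creds])
    return before, after


if __name__ == "__main__":
    home = os.path.expanduser("~")
    shared = [os.path.join(home, ".aws", name) for name in ("credentials", "config")]
    for finding in find_static_credentials(os.environ, shared):
        print("static credential found:", finding)
```

Run as a script it audits the current user's environment and shared AWS files; no output means nothing static was found there.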

About

Indranil is the Chief Product Officer at xPlore.Cloud and the main architect of the product.
