What you’ll learn
  • how to configure your AWS credentials for programmatic access
  • how to create a user with fine-grained policies using CloudFormation template

This article guides you through configuring your AWS credentials for programmatic access. At the end of the tutorial, you will have your API keys and region configured to successfully deploy Webiny to your AWS cloud.

If you prefer the video version, check out our YouTube video below:


Step 1: Create Your AWS Account
anchor

Already have an account?

In that case skip to step 2 to create your programmatic user.

To create your AWS account and set up your IAM credentials we should first navigate to the AWS Console page :

aws-sign-inaws-sign-in
(click to enlarge)

Next click on Create a new AWS account:

aws-loginaws-login
(click to enlarge)

Now input your credentials and create your account:

aws-registeraws-register
(click to enlarge)

Step 2: Create a User for Programmatic Access
anchor

Once you’re registered, login and head to the AWS Management Console and select IAM under Security, Identity & Compliance:

aws-iam-selectionaws-iam-selection
(click to enlarge)

Click on IAM and select Users under Access Management:

aws-iam-usersaws-iam-users
(click to enlarge)

Click on Add user to create the account with the IAM credentials:

aws-create-useraws-create-user
(click to enlarge)

Here you enter a 5-step process, and the first step is to create a User name for the credentials.

Programmatic access

Make sure to select the Programmatic access checkbox before moving to the next step.

aws-user-detailsaws-user-details
(click to enlarge)

In the next step you define the access level for the new user. Select Attach existing Policies from the three options that are available. Then select the AdministratorAccess policy by marking the checkbox next to it. When ready, click the Next:Tags button:

Want fine-grained permissions?

In case your organization can’t use the AdministratorAccess or if you want to have a more strictly defined set of permissions, please see the attaching fine-grained policy section.

aws-user-permissionsaws-user-permissions
(click to enlarge)

In case you don’t want to add any tags to your new user, you can just skip this step and click the Next:Review button.

aws-user-tagsaws-user-tags
(click to enlarge)

After all the steps are complete, you’ll see a Review page. It should look something similar to this. If everything is correct, click the Create user button.

aws-user-reviewaws-user-review
(click to enlarge)

Lastly, you will receive a success message with your Access key ID and Secret access key. You need to copy these strings and keep them safe as you need them for the next step.

Save the credentials

Once you navigate off this screen, you will not be able to see the credentials any more. If you lose them, you will need to delete the user and create a new one.

aws-user-createdaws-user-created
(click to enlarge)

Attaching a Fine-grained Policy
anchor

Please note that a user with programmatic access is a prerequisite for this step. If you don’t have one please refer to the previous step.

Alternatively, you can also define a fine-grained policy using our CloudFormation template that will create a user group with all the necessary policies, for your Webiny project and assign a given user to it. You can do this by clicking create stack :

aws-cloudformation-create-stackaws-cloudformation-create-stack
(click to enlarge)

The resource creation will take a few minutes. After completion, you will see the completion logs:

aws-cloudformation-step-5aws-cloudformation-step-5
(click to enlarge)

Afterwards, you can check out the newly created resources in the IAM service panel . Also, if you head over to the previously created user (webiny-cli in our case), you will see the attached policy and group:

aws-cloudformation-step-6aws-cloudformation-step-6
(click to enlarge)

Step 3: Configure the Programmatic Access
anchor

Now that you have the Access key ID and Secret access key it’s time to store them on your development machine.


Unix setup
anchor

If you’re on UNIX, create a folder named .aws inside your user folder, that’s ~/.aws. Inside that folder place a file called credentials. So the full path is ~/.aws/credentials.

Windows setup
anchor

On Windows machines, navigate to your user folder. That’s C:\Users\USERNAME\ (replace USERNAME with your actual username). Inside create a new folder named .aws, and inside the .aws folder create a file named credentials. The full path should be like this: C:\Users\USERNAME\.aws\credentials.


Now that we have our credentials file, edit the file and populate it like so:

[default]
aws_access_key_id = PASTE_ACCESS_KEY_ID_HERE
aws_secret_access_key = PASTE_SECRET_ACCESS_KEY_HERE

The word default inside the square brackets is your profile name. If you don’t explicitly configure a profile name, the default profile is used by AWS CLI and SDK.

And that’s it! You now have your AWS credentials, your default region, and you’re ready to deploy Webiny.

Using a Different AWS Profile Name?

If you would like to use a different name for your AWS profile, you can do that too. Check out the Use AWS Profiles how-to guide for more information.

FAQ
anchor

Is there a way to check if my profile was set properly?
anchor

If you have the AWS CLI installed on your system, you can run the following command:

aws sts get-caller-identity

This should give an output similar to the following:

{
    "Account": "x",
    "UserId": "y",
    "Arn": "arn:aws:iam::x:user/z"
}