Appendix

Recipe 1 – Creating an IAM user

You can use the following steps to create an IAM user:

  1. Navigate to the IAM console.
  2. Select Users and then choose Add user.
  3. Type a username for the new user. IAM usernames need to be unique in a single AWS account. This username will be used by the user to sign in to the AWS console.
  4. For the access type, select both Programmatic access and AWS Management Console access:
    • Programmatic access grants users access through the API, AWS CLI, or tools for Windows PowerShell. An access key and secret key are created for the user and are available to download on the final page.
    • AWS Management Console access grants users access through the AWS Management Console. A password is created for the user and is available to download on the final page.
  5. For Console password, choose one of the following:
    • Autogenerated password: This will randomly generate a password for the user that meets the account password policy in effect.
    • Custom password: You can type a password that satisfies the account password policy in effect.
    • (Optional) You can select Require password reset to ensure that users are forced to change their password when they log in for the first time.
  6. Select Next: Permissions.
  7. Skip the Set permissions page and select Next: Tags.
  8. Select Next: Review, and then select Create user.
  9. This will generate the user's access keys (access key IDs and secret access keys) and password. Download the generated credentials by selecting Download .csv and then save the file to a safe location.
  10. Share the credentials with users who need to access AWS services. This is an empty IAM user with no access to any AWS services. The AWS administrator will need to execute the CloudFormation template based on the relevant chapter to allow the appropriate access.

Recipe 2 – Storing database credentials using Amazon Secrets Manager

You can use the following steps to store database credentials in Secrets Manager:

  1. To create the secrets, navigate to the AWS Secrets Manager dashboard at https://console.aws.amazon.com/secretsmanager/.
  2. Choose Store a new secret.
  3. Then, choose Credentials for Redshift Cluster.
  4. Specify the username and password.
  5. Set the encryption key to DefaultEncryptionKey.
  6. Select the Redshift cluster from the list that this secret will access, and click Next.
  7. Specify a name for the secret, keep the defaults, and click Next.
  8. Keep the defaults for Configure automatic rotation, and click Next.
  9. Review and choose Store.
  10. Capture the secret store ARN.

Recipe 3 – Creating an IAM role for an AWS service

You can use the following steps to create an IAM role for an AWS service:

  1. Navigate to the IAM console.
  2. Select Roles, and then choose Create role.
  3. For Select type of trusted entity, choose AWS service.
  4. For Choose a use case, select Redshift.
  5. For Select your use case, choose Redshift – Customizable (allows a Redshift cluster to call AWS services on your behalf). Click Next: Permissions.
  6. Skip Create Policy, click Next: Tags, then click Next: Review.
  7. Provide a role name and click Create role. Note the role name to attach it to the Amazon Redshift cluster.
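
A role created with the Redshift use case should trust only the Redshift service principal. The following Python check is an added example, not code from the book: it audits a role's trust policy JSON (for instance, copied from the role's Trust relationships tab) and reports any other principal or action. The function name and both sample policies are constructed for illustration.

```python
import json

EXPECTED_SERVICE = "redshift.amazonaws.com"  # principal set by the Redshift use case

def _as_list(value):
    """Policy fields may hold one value or a list of values."""
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy_json):
    """Return findings; an empty list means only Redshift may assume the role."""
    findings, redshift_trusted = [], False
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen who is trusted
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):
            # Covers "Principal": "*" and statements that use NotPrincipal
            findings.append(f"statement {i}: principal is not an explicit list")
            continue
        for kind, values in principal.items():
            for value in _as_list(values):
                if kind == "Service" and value == EXPECTED_SERVICE:
                    redshift_trusted = True
                else:
                    findings.append(f"statement {i}: unexpected {kind} principal {value}")
        actions = _as_list(stmt.get("Action", []))
        if actions != ["sts:AssumeRole"]:
            findings.append(f"statement {i}: unexpected actions {actions}")
    if not redshift_trusted:
        findings.append(f"{EXPECTED_SERVICE} is not trusted by this role")
    return findings

# Constructed sample policies (not taken from a real account)
GOOD = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "redshift.amazonaws.com"},
    "Action": "sts:AssumeRole"}]})
BAD = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": ["redshift.amazonaws.com", "ec2.amazonaws.com"],
                  "AWS": "*"},
    "Action": "sts:AssumeRole"}]})

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_trust_policy(doc) or "ok")
```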

Recipe 4 – Attaching an IAM role to the Amazon Redshift cluster

You can use the following steps to attach the IAM role to the Amazon Redshift cluster:

  1. Navigate to the Redshift console.
  2. Select CLUSTERS in the left navigation pane.
  3. Select the checkbox beside the Amazon Redshift cluster and select Actions. From the dropdown, select Manage IAM roles under Permissions:

    Figure A.1 – Managing the IAM role for the Amazon Redshift cluster

  4. In the Manage IAM roles section, select the correct IAM role from the dropdown and click on Associate IAM role. Click on Save changes.