Articles in this section

Create IAM user with EC2 read-only permission

Introduction

JetPatch requires an IAM user with read-only permissions to interact with AWS services for tasks like endpoint discovery. This user will be configured with the AmazonEC2ReadOnlyAccess policy, ensuring limited, secure access to AWS EC2 resources.

Note: Using an IAM user for JetPatch integration is a secure and supported approach. The recommended configuration applies the AmazonEC2ReadOnlyAccess policy, ensuring strictly controlled access. While AWS often recommends using roles, JetPatch’s current setup relies on IAM users for simplicity and compatibility. Proper safeguards such as access key rotation, secure storage, and monitoring can mitigate associated risks.

Steps

Sign into AWS console, Click on Services, search IAM 

image4.png

 

Click on Users in left pane

image3.png

 

Click on add user

image6.png

 

Enter user name, select option Programmatic access and click next: permission

image5.png

 

In Permission, window select attach existing policies directly 


image8.png



In filter policy search for AmazonEC2ReadOnlyAccess policy ads cl

image7.png

Add the tag as per your tagging policy and click on review

image10.png

Click on create user 

image9.png



The last window download.csv file and share. 

This file will have access key and secret key

image11.png

Managing IAM User Credentials

Note:
To ensure the security of IAM user credentials, we recommend the following best practices:

  1. Rotate access keys regularly: AWS recommends periodic rotation (e.g., every 90 days). When rotating keys, generate a new access key, update it in JetPatch, test connectivity, and then deactivate the old key.
  2. Store credentials securely: Use AWS Secrets Manager or another secure credential vault to safely store and manage access keys.
  3. Monitor user activity: Use AWS CloudTrail to track the usage of IAM credentials and receive alerts for any unexpected behavior.

When rotating credentials, ensure updates to JetPatch are performed during maintenance windows to minimize service interruptions. Proper planning and adherence to these practices will maintain a secure and functional integration.

Conclusion

With the IAM user created and configured, you can now use the access keys to set up AWS integration in JetPatch. The limited permissions ensure that JetPatch has secure and read-only access to your AWS EC2 resources, aligning with JetPatch's operational requirements.

Related articles

Comments

0 comments

Please sign in to leave a comment.