Introduction
JetPatch requires an IAM user with read-only permissions to interact with AWS services for tasks like endpoint discovery. This user will be configured with the AmazonEC2ReadOnlyAccess policy, ensuring limited, secure access to AWS EC2 resources.
Note: Using an IAM user for JetPatch integration is a secure and supported approach. The recommended configuration applies the AmazonEC2ReadOnlyAccess policy, ensuring strictly controlled access. While AWS often recommends using roles, JetPatch's current setup relies on IAM users for simplicity and compatibility. Proper safeguards such as access key rotation, secure storage, and monitoring can mitigate associated risks.
Steps
Sign in to the AWS console, click Services, and search for IAM.
Click Users in the left pane.
Click Add user.
Enter a user name, select the Programmatic access option, and click Next: Permissions.
In the Permissions window, select Attach existing policies directly.
In the policy filter, search for the AmazonEC2ReadOnlyAccess policy, select it, and click Next.
Add tags as per your tagging policy and click Review.
Click Create user.
On the last window, download the .csv file and share it with the JetPatch administrator.
This file contains the access key ID and the secret access key.
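The same procedure can be scripted with the AWS CLI, which makes the result reviewable and repeatable. The script below is an added example and is not JetPatch's own tooling; it assumes an AWS CLI profile with IAM administration rights, and the user name "jetpatch-discovery" and the tag values are placeholders you would replace. Setting DRY_RUN prints the calls instead of executing them, so the exact changes can be reviewed before they touch the account.

```shell
#!/bin/sh
# Added example (not JetPatch's own code): the console steps above as AWS CLI calls.
# Assumes: a configured AWS CLI profile with IAM admin rights.
# Placeholders: the user name and the tag value are illustrative.
set -eu

POLICY_ARN="arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess"

# run: execute a command, or only print it when DRY_RUN is set, so the
# exact API calls can be reviewed before they are made for real.
run() {
  if [ -n "${DRY_RUN:-}" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# create_jetpatch_user USER: create the user, attach the read-only policy
# directly, tag it, and issue one access key (the programmatic-access step).
create_jetpatch_user() {
  user="$1"
  run aws iam create-user --user-name "$user" \
    --tags Key=Purpose,Value=JetPatchDiscovery
  run aws iam attach-user-policy --user-name "$user" --policy-arn "$POLICY_ARN"
  # The secret access key is returned only once. In live mode, capture this
  # JSON straight into a credential vault rather than a shared .csv file.
  run aws iam create-access-key --user-name "$user" --output json
}

# verify_jetpatch_user USER: confirm the only managed policy attached to the
# user is the read-only one, before any key is handed to JetPatch.
# (Inline policies are not covered by this call; check them separately.)
verify_jetpatch_user() {
  user="$1"
  attached=$(run aws iam list-attached-user-policies --user-name "$user" \
    --query 'AttachedPolicies[].PolicyArn' --output text)
  if [ -n "${DRY_RUN:-}" ]; then
    printf '%s\n' "$attached"
    return 0
  fi
  [ "$attached" = "$POLICY_ARN" ]
}

# Usage: ./jetpatch-iam.sh create jetpatch-discovery
#        ./jetpatch-iam.sh verify jetpatch-discovery
case "${1:-}" in
  create) create_jetpatch_user "${2:?user name required}" ;;
  verify) verify_jetpatch_user "${2:?user name required}" ;;
esac
```

Run with `DRY_RUN=1` first to see the three IAM calls; `verify` exits non-zero if anything other than AmazonEC2ReadOnlyAccess is attached, which is a cheap guard against an over-privileged discovery user.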
Managing IAM User Credentials
Note: To ensure the security of IAM user credentials, we recommend the following best practices:
- Rotate access keys regularly: AWS recommends periodic rotation (e.g., every 90 days). When rotating keys, generate a new access key, update it in JetPatch, test connectivity, and then deactivate the old key.
- Store credentials securely: Use AWS Secrets Manager or another secure credential vault to safely store and manage access keys.
- Monitor user activity: Use AWS CloudTrail to track the usage of IAM credentials and receive alerts for any unexpected behavior.
When rotating credentials, ensure updates to JetPatch are performed during maintenance windows to minimize service interruptions. Proper planning and adherence to these practices will maintain a secure and functional integration.
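The rotation and monitoring practices above can be carried out with the AWS CLI in the order the text gives: issue a new key, update JetPatch and test connectivity, then retire the old key. The script below is an added example, not JetPatch's own tooling; it assumes an AWS CLI profile with IAM and CloudTrail read rights, and the user name "jetpatch-discovery" and the key ID AKIAIOSFODNN7EXAMPLE are placeholders. It also adds a CloudTrail check that lists any call made with the user's credentials that is not a Describe/List/Get operation, which for a read-only discovery user is unexpected whether it succeeded or was denied.

```shell
#!/bin/sh
# Added example (not JetPatch's own code): two-stage access key rotation plus a
# CloudTrail activity check for the JetPatch IAM user.
# Assumes: an AWS CLI profile with iam:* on the user and cloudtrail:LookupEvents.
# Placeholders: user name "jetpatch-discovery", key ID "AKIAIOSFODNN7EXAMPLE".
set -eu

# run: execute a command, or only print it when DRY_RUN is set.
run() {
  if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Stage 1: issue a second key. IAM allows at most two keys per user, so refuse
# if two already exist; a leftover key from the last rotation is itself a finding.
issue_new_key() {
  user="$1"
  count=$(run aws iam list-access-keys --user-name "$user" \
    --query 'length(AccessKeyMetadata)' --output text)
  if [ -z "${DRY_RUN:-}" ] && [ "$count" -ge 2 ]; then
    echo "refusing: $user already has two access keys; retire one first" >&2
    return 1
  fi
  # Capture this JSON into the credential vault, then update JetPatch and test.
  run aws iam create-access-key --user-name "$user" --output json
}

# Stage 2 (only after JetPatch has been updated and connectivity tested):
# set every key except NEW_KEY_ID to Inactive. Inactive rather than deleted so a
# bad cut-over can be rolled back; delete after an observation period.
retire_old_keys() {
  user="$1"; keep="$2"
  old=$(run aws iam list-access-keys --user-name "$user" \
    --query "AccessKeyMetadata[?AccessKeyId!='$keep'].AccessKeyId" --output text)
  if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$old"; return 0; fi
  for key in $old; do
    run aws iam update-access-key --user-name "$user" \
      --access-key-id "$key" --status Inactive
  done
}

# Monitoring: list recent CloudTrail events by this user whose action is not a
# Describe/List/Get call. AmazonEC2ReadOnlyAccess only permits read operations,
# so anything else (allowed or AccessDenied) means the key is being used
# outside JetPatch's purpose and warrants investigation.
audit_recent_activity() {
  user="$1"
  run aws cloudtrail lookup-events \
    --lookup-attributes AttributeKey=Username,AttributeValue="$user" \
    --max-results 50 \
    --query "Events[?!starts_with(EventName,'Describe') && !starts_with(EventName,'List') && !starts_with(EventName,'Get')].[EventTime,EventName,EventSource]" \
    --output table
}

# Usage: ./jetpatch-rotate.sh issue jetpatch-discovery
#        ./jetpatch-rotate.sh retire jetpatch-discovery AKIAIOSFODNN7EXAMPLE
#        ./jetpatch-rotate.sh audit jetpatch-discovery
case "${1:-}" in
  issue)  issue_new_key "${2:?user name required}" ;;
  retire) retire_old_keys "${2:?user name required}" "${3:?new key id required}" ;;
  audit)  audit_recent_activity "${2:?user name required}" ;;
esac
```

Keeping the two stages as separate commands is deliberate: the JetPatch update and connectivity test sit between them, inside the maintenance window, and the old key is still valid until `retire` is run. The audit query returns an empty table for a user that is only ever used by JetPatch, which makes it easy to wire into a scheduled check.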
Conclusion
With the IAM user created and configured, you can now use the access keys to set up AWS integration in JetPatch. The limited permissions ensure that JetPatch has secure and read-only access to your AWS EC2 resources, aligning with JetPatch's operational requirements.