Overview
JetPatch requires an IAM user with read-only permissions to interact with AWS services for tasks such as endpoint discovery.
This user is configured with the AmazonEC2ReadOnlyAccess policy, ensuring limited, secure access to AWS EC2 resources.
Note: Using an IAM user for JetPatch integration is a secure and supported approach. The recommended configuration applies the AmazonEC2ReadOnlyAccess policy, ensuring strictly controlled access. While AWS often recommends using roles, JetPatch relies on IAM users for simplicity and compatibility. Proper safeguards such as access key rotation, secure storage, and monitoring can mitigate associated risks.
Steps
- Sign in to the AWS Console.
- Click Services and search for IAM.
- In the left pane, click Users.
- Click Add user.
- Enter a user name.
- Select Programmatic access.
- Click Next: Permissions.
- In the Permissions window, select Attach existing policies directly.
- In the policy filter, search for the AmazonEC2ReadOnlyAccess policy.
- Add the tag as per your tagging policy and click Review.
- Click Create user.
- On the final screen, download the .csv file and store it securely.
- This file contains the Access Key and Secret Key required for JetPatch configuration.
Managing IAM User Credentials
To ensure the security of IAM user credentials, follow these best practices:
| Practice | Details |
| --- | --- |
| Rotate Access Keys Regularly | AWS recommends periodic rotation (e.g., every 90 days). When rotating: generate a new access key → update it in JetPatch → test connectivity → deactivate the old key. |
| Store Credentials Securely | Use AWS Secrets Manager or another secure credential vault to safely store and manage access keys. |
| Monitor User Activity | Use AWS CloudTrail to track IAM credential usage and receive alerts for any unexpected behavior. |

Note: When rotating credentials, perform updates to JetPatch during maintenance windows to minimize service interruptions.
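For the Monitor User Activity practice above, the following check is an added example (not JetPatch or AWS code) of flagging unexpected CloudTrail records for the integration user. The user name `jetpatch-discovery`, the expected network `203.0.113.0/24` and the sample records are assumptions constructed for illustration.

```python
import ipaddress

# Assumptions, not from the page: the IAM user name and the network JetPatch calls AWS from.
JETPATCH_USER = "jetpatch-discovery"
EXPECTED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
DENIED = {"AccessDenied", "Client.UnauthorizedOperation"}

def findings(record):
    """Return the reasons one CloudTrail record for the JetPatch user is unexpected."""
    ident = record.get("userIdentity", {})
    if ident.get("type") != "IAMUser" or ident.get("userName") != JETPATCH_USER:
        return []  # some other principal: out of scope for this check
    reasons = []
    if record.get("readOnly") is False:
        reasons.append("write call attempted by a read-only integration")
    if record.get("errorCode") in DENIED:
        reasons.append("call denied by policy")
    try:
        src = ipaddress.ip_address(record.get("sourceIPAddress", ""))
        if not any(src in net for net in EXPECTED_NETS):
            reasons.append("unexpected source address")
    except ValueError:  # CloudTrail can record a service DNS name here
        reasons.append("source is not an IP address")
    return reasons

def scan(records):
    """Return (eventName, reasons) for every record worth an alert."""
    return [(r.get("eventName"), why) for r in records if (why := findings(r))]

def make_record(name, ip, read_only, user=JETPATCH_USER, error=None):
    """Build a constructed record holding only the fields this check reads."""
    rec = {"eventSource": "ec2.amazonaws.com", "eventName": name,
           "readOnly": read_only, "sourceIPAddress": ip,
           "userIdentity": {"type": "IAMUser", "userName": user}}
    if error:
        rec["errorCode"] = error
    return rec

SAMPLE = [  # constructed records, not real log data
    make_record("DescribeInstances", "203.0.113.10", True),
    make_record("RunInstances", "198.51.100.7", False, error="Client.UnauthorizedOperation"),
    make_record("DescribeInstances", "198.51.100.7", True),
    make_record("DescribeInstances", "198.51.100.7", True, user="another-user"),
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A read-only call from an unfamiliar address is still reported, since the policy limits what the key can do but not where it is used from.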