AWS Access

Follow

The AWS access settings allow you to control users' access to the AWS console. To adjust these settings:

  1. In the left navigation menu, click Settings > System Settings.
  2. Click AWS Settings under Cloud Providers, then click AWS Access.

Settings-_-AWS-Access-cloudtamer-io.png

Web Access

The web access section allow you to specify how long you want the AWS console session to last before the user is forced to log in again via cloud access role. By default, the session duration is set to 60 minutes.

To modify the console access session duration (minutes):

  1. In the left navigation menu, click Settings > System Settings.
  2. Click AWS Settings under Cloud Providers, then click AWS Access.
  3. In the Web Access section, change the Session Duration field to the desired number of minutes.
  4. Click Update AWS Access Settings.

Settings-_-AWS-Access-cloudtamer-io__2_.png

IAM Role Prefix

The IAM role prefix section lets you set a custom prefix for AWS IAM roles. This sets a global naming convention for all AWS IAM role names, which will auto-populate in the IAM Role field on CARs for all users to enforce consistency in role names. Setting or changing the prefix will not change existing roles you have already created.

To enable this:

  1. In the left navigation menu, click Settings > System Settings.
  2. Click AWS Settings under Cloud Providers, then click AWS Access.
  3. Toggle Set An IAM Role Prefix to ON
  4. Enter your desired prefix in the Prefix field. cloudtamer.io will automatically add a - after the prefix, so there's no need to include it here.
  5. Click Update AWS Access Settings.

Settings-_-AWS-Access-cloudtamer-io__5_.png

Once you set your prefix, the IAM Role field on the CAR creation form will show it as a field that cannot be edited, like this:

Asthma-Research-Project-_-Project-cloudtamer-io__1_.png

Short-Term Access Keys

To enable or disable the ability to generate short-term access keys from each project page:

  1. In the left navigation menu, click Settings > System Settings.
  2. Click AWS Settings under Cloud Providers, then click AWS Access.
  3. Under Short-Term Access Keys, toggle the Allow Generation field to ON or OFF.
  4. Click Update AWS Access Settings.

When short-term access keys enabled, you can set the session duration. To set the duration (in minutes):

  1. In the left navigation menu, click Settings > System Settings.
  2. Click AWS Settings under Cloud Providers, then click AWS Access.
  3. Toggle the Allow Generation field to ON.
  4. In the textbox that displays, enter in a number between 15 and 720. This sets the session duration in minutes.
  5. Click Update AWS Access Settings.

To learn how to add an AWS short-term access key, see our Add an AWS Short-Term Access Key article (requires login; learn more here).

Long Term Access Keys

To enable or disable the ability to generate access keys from each project page:

  1. In the left navigation menu, click Settings > System Settings.
  2. Click AWS Settings under Cloud Providers, then click AWS Access.
  3. Under Long-Term Access Keys, toggle the Allow Generation field to ON or OFF.
  4. Click Update AWS Access Settings.

When access key generation is enabled, you can also set the access key lifespan. The application will automatically delete any access keys generated from the project pages and will send a notification to the user who created the keys. To set the access key lifespan (in days):

  1. In the left navigation menu, click Settings > System Settings.
  2. Click AWS Settings under Cloud Providers, then click AWS Access.
  3. Under Long-Term Access Keys, toggle the Lifespan field to ON.
  4. In the textbox that displays, enter in a number of 1 or greater. This sets the session duration in days.
  5. Click Update AWS Access Settings.

When the access key lifespan field is turned on, you can also enable notifications for expiring access keys. To enable notifications:

  1. In the left navigation menu, click Settings > System Settings.
  2. Click AWS Settings under Cloud Providers, then click AWS Access.
  3. Under Long-Term Access Keys, toggle the Lifespan field to ON.
  4. Toggle the Enable Notifications For Expiring Access Keys field to ON.
  5. Enter in a number of 1 or greater in the Timeframe Prior To Access Key Expiration To Send Notification field. This allows you to configure how many days ahead of expiration a notification will be sent. 
  6. Click Update AWS Access Settings.

Settings-_-AWS-Access-cloudtamer-io__1_.png

Advanced Settings

Advanced settings allow customization of additional settings for AWS account access.

To adjust these settings:

  1. In the left navigation menu, click Settings > System Settings.
  2. Click AWS Settings under Cloud Providers, then click AWS Access.
  3. Toggle Enable Custom Access URL For Web Access to ON to use a custom URL when sending users to the AWS console. When enabled, you'll have the option to enter a custom URL. Please use the placeholders {ACCOUNT_NAME}, {ACCOUNT_NUMBER}, and {ROLE_NAME} if you would like the account name or the role name to be substituted in the URL.
  4. Toggle Enable Custom Access URL For Short-Term Access Keys to ON to use a custom URL when sending users to the AWS console using short-term access keys. When enabled, you'll have the option to enter a custom URL. Please use the placeholders {ACCOUNT_NAME}, {ACCOUNT_NUMBER}, and {ROLE_NAME} if you would like the account name or the role name to be substituted in the URL.
  5. Toggle Enable Custom Trust Policy to ON to apply a custom trust policy IAM roles if the federation is handled by another system. We provide a sample policy in the UI to get you started.
  6. Click Update AWS Access Settings.

Settings-_-AWS-Access-cloudtamer-io__7_.png

 

Was this article helpful?
0 out of 0 found this helpful