Connect an AWS account

Microtica provisions infrastructure on your own AWS account. In order to enable Microtica to manage cloud resources, you need to connect your AWS account and grant the proper access permissions.

Microtica authenticates to your AWS account through the AWS STS AssumeRole service, which issues temporary credentials. The generated tokens are then used in every subsequent call to your account, so no long-lived access keys are stored on Microtica's side.

Connect your AWS account in two steps:

  • Create a cross-account role
  • Connect the AWS account

Create cross-account role

Using CloudFormation

If you want to establish access quickly, log in to your AWS account and follow this link.

The link will redirect you to the CloudFormation page and ask for the External ID parameter. Enter a secret value in this field and remember it for later.

Manual setup

To create a cross-account role manually, first log in to the AWS console. Follow the steps below to establish access between Microtica and your AWS account.

  • Go to the IAM service
  • Choose Create role
  • Choose Another AWS account from the list of trusted entity types
  • For Account ID, enter 652222714481.
  • For External ID, enter a secret value and remember it for later. Go to Next.

  • From the list of policies, select the ones you intend to use. For example, if you plan to create a Kubernetes cluster, grant permissions for EKS and, for the Kubernetes nodes, EC2. You can also create a custom policy with narrower permissions. To be able to use Microtica's ready-made templates and infrastructure components, add the following access policy:
  • Choose the newly created policy from the list and go to Next

  • Enter the role name of your choice
  • Once the role is created, configure its trust relationship. Choose the newly created role and go to Trust relationships. Before you add the policy defined below, replace <EXTERNAL_ID> with the secret you chose while creating the role:

Least privileges

It is a best practice to always follow the principle of least privilege. Start by granting Microtica only the permissions it needs, and expand them only when a concrete need arises.

Connect your AWS account

Once the role is properly configured in your AWS account, you can attach the account from the Microtica portal and start deploying infrastructure in the cloud. Go to Project Settings and choose the Integrations tab. There, select Cloud Accounts > Connect AWS.

Enter the necessary credentials to connect your AWS account:

Now, you are ready to automate and deploy your infrastructure on AWS.

Revoking access

To completely revoke Microtica's access to your AWS account, delete the previously created cross-account role. After that, Microtica can no longer obtain credentials for your cloud account.