website logo
⌘K
🚀Getting started
Create an account in Microtica
Create an application from template
Import an existing application
Scaling Applications in Microtica
⏰Changelog
📚Ready-to-use Templates
Strapi Serverless
SPA on CloudFront
Amazon EKS
Node.js
n8n Workflow Automation
🤖Migrate to Microtica
Migrate from Heroku to AWS
🚦Pipelines
Pipeline Syntax
Steps
Stages
Artifacts
Variables
🔗Integrations
Connect an AWS account
Connect an Existing Kubernetes Cluster
Connect a Container Registry
⚙️Project Settings
Manage teammates
Manage pricing plan and billing
Docs powered by archbee 
16min

Connect an AWS account

Microtica provisions infrastructure on your own AWS account. In order to enable Microtica to manage cloud resources, you need to connect your AWS account and grant the proper access permissions.

Microtica authenticates with your AWS account by using AWS STS assume role service to generate temporary access tokens. Generated tokens are then used in every subsequent call to your account.

Connect your AWS account in two steps:

  • Create cross-account role
  • Connect AWS account

Create cross-account role

Using CloudFormation

If you like to quickly establish the access then login into your AWS account and follow this link.

The link will redirect you to the CloudFormation page and ask you for the External ID parameter. Enter some secret value in this field and remember it for later.

Manual setup

To create a cross-account role you need to first login into the AWS console. Follow the steps below to establish access between Microtica and your AWS account.

  • Go to IAM service
  • Choose Create role
  • Choose Another AWS account from the list of trusted entity type
  • For Account ID add 652222714481.
  • For External ID add some secret value and remember it for later. Go to next.
Document image



  • From the list of policies, select the ones that you intend to use. For example, if you plan on creating a Kubernetes cluster you should enable permissions for EKS and EC2 for Kubernetes nodes. You can also create a custom policy with more narrow permissions. To be able to use Microtica's ready-made templates and infrastructure components, add the following access policy:
JSON
|
  • Choose the newly created policy from the list and go to Next
Document image



  • Enter the role name of your choice
  • Once the role is created we need to configure the role’s trusted relationships. Choose the newly created role and go to Trust relationships. Before you add the policy defined below, replace <EXTERNAL_ID> with the secret you have chosen while creating the role:
JSON
|

Least privileges

It’s a best practice to always follow principle of least privileges. Start by giving Microtica least privileges and then expand permissions as you see a need for that.

Connect your AWS account

Once the role is properly configured in your AWS account you can attach the account from the Microtica portal and start deploying infrastructure in the cloud. Go to Project Settings and choose the Integrations tab. Under there select Cloud Accounts > Connect AWS.

Document image

Enter the necessary credentials to connect your AWS account:

Document image

Now, you are ready to automate and deploy your infrastructure on AWS.

Revoking access

To completely revoke Microtica access to your AWS account you just need to remove the previously created cross-account role. After that, Microtica will no longer have access to your cloud account.



Updated 06 May 2022
Did this page help you?
Yes
No
UP NEXT
Connect an Existing Kubernetes Cluster
Docs powered by archbee 
Updated 06 May 2022
Did this page help you?
Yes
No
UP NEXT
Connect an Existing Kubernetes Cluster
Docs powered by archbee 
TABLE OF CONTENTS
Create cross-account role
Using CloudFormation
Manual setup
Least privileges
Connect your AWS account
Revoking access