...
| Note |
|---|
NoteNIOS uses the access key assignments for authorization and accounting. For example, an Amazon user account may not have the authorization to create a VPC, but can launch new instances in a VPC. Another example, for a vDiscovery in a VPC, you can assign a specific AWS user account that has read access to all objects to all VPC entities (primarily, subnets and EC2 instances) to the NIOS Cloud Admin account. This level of authorization is possible in NIOS because multiple AWS user accounts with varying IAM privileges can be assigned to the NIOS Cloud admin user. |
| Anchor | ||||
|---|---|---|---|---|
|
| Note |
|---|
NoteIn AWS, the access key credentials are used to digitally sign API calls made to AWS services. (Each access key credential has an Access Key ID and a Secret Access Key.) The secret key portion must be secured by the AWS account holder or the IAM user to whom they are assigned. As a best practice, users should rotate their access keys on a regular basis. Refer to the document AWS Security Best Practices by Amazon Web Services (http://aws.amazon.com/whitepapers/aws-security-best-practices/) and the AWS Documentation page IAM Best Practices (http://docs.aws.amazon.com/IAM/latest/UserGuide/IAMBestPractices.html) for more information. |
...
The Cloud Admin account is assigned to the cloud-api-only administrative group in Grid Manager, as previously described in Assigning AWS User Credentials to the NIOS Cloud Admin Account. These permissions allow you to create all the important object types through the API Proxy in the AWS environment. You assign these permissions to the entire cloud-api-only administrative group in the Grid Manager.
...