All AWS API requests include an AccessKeyID and are signed with a corresponding SecretAccessKey. These authenticate the sender of the request and verify the authenticity of the request message. AWS generates the Access Key ID and Secret Access Key as a key pair, comprising an access key credential for a specific AWS account user in the AWS Identity & Access Management (IAM) service.
As the intermediary recipient of the API requests destined for AWS, NIOS must authenticate the sender of the request and verify the authenticity of the request message. Each Access Key ID and Secret Access Key pair received by the AWS API Proxy must be assigned to a NIOS user, with sufficient privileges given by a NIOS system administrator. You can assign multiple AWS user accounts to a single NIOS Cloud Admin user account, with the required cloud-api-only NIOS group setting. You can do so by adding existing AWS user accounts directly to NIOS through Grid Manager. For information, see the Configuring the NIOS Cloud Admin User section.
| Note |
|---|
NoteNIOS uses the access key assignments for authorization and accounting. For example, an Amazon user account may not have the authorization to create a VPC, but can launch new instances in a VPC. Another example, for a vDiscovery in a VPC, you can assign a specific AWS user account that has read access to all objects to all VPC entities (primarily, subnets and EC2 instances) to the NIOS Cloud Admin account. This level of authorization is possible in NIOS because multiple AWS user accounts with varying IAM privileges can be assigned to the NIOS Cloud admin user. |
...
In Grid Manager, from the Cloud tab, select the Tenants tab. The Name and ID columns show the Tenant ID values.
Click the Name value for a tenant to view the Networks and VMs pages for the selected tenant.
| Anchor | ||||
|---|---|---|---|---|
|
You can continue with the assignment of AWS users to the NIOS cloud account by ensuring that the cloud administrator exists in NIOS. You can add AWS users directly to NIOS.
To create the NIOS cloud admin account for mapping, complete the following steps:
(if you have already defined a cloud admin, you can skip Steps 1–5 of this procedure):
...
The Cloud Admin account is assigned to the cloud-api-only administrative group in Grid Manager, as previously described in Assigning AWS User Credentials to the NIOS Cloud Admin Account. These permissions allow you to create all the important object types through the API Proxy in the AWS environment. You assign these permissions to the entire cloud-api-only administrative group in the Grid Manager.
...