-
Release Notes
- July 8, 2024
- May 22, 2024
- April 17, 2024
- March 20, 2024
- February 22, 2024
- January 18, 2024
- 2023 Releases
- 2022 Releases
-
2021 Releases
- December 20, 2021
- December 1, 2021
- November 22, 2021
- November 4, 2021
- October 26, 2021
- September 30, 2021
- September 22, 2021
- September 2, 2021
- August 16, 2021
- August 2, 2021
- July 19, 2021
- July 1, 2021
- June 17, 2021
- June 1, 2021
- April 30, 2021
- April 8, 2021
- March 25, 2021
- March 15, 2021
- February 25, 2021
- February 8, 2021
- January 28, 2021
- January 21, 2021
- January 13, 2021
- 2020 Releases
- Getting Started
- Ports
- Cross Connects
- Point-to-Point
- Virtual Circuits
- Cloud Connections
- Cloud Router
- Marketplace & IX
- Administration
- Billing
- Troubleshooting & FAQ
- Technical Reference
- Partners Portal
- API & Automation
AWS Access Keys
Adding AWS credentials to your PacketFabric environment allows you to perform certain AWS tasks from within the PacketFabric portal, including:
- Provisioning the AWS VIF from the PacketFabric portal.
- Upgrading AWS connections without manually deleting and recreating the VIF.
- Automatically deleting the associated VIF and Direct Connect when deleting the connection from the PacketFabric portal.
This is an optional convenience and is not required to create or manage AWS cloud connections.
Generating AWS credentials in the AWS Management Console
Only admins on your AWS account have access to do this. You may need to request access, or request that an AWS admin generate credentials on your behalf.
Once generated and added to your PacketFabric account, the credentials can be shared by all users in the PacketFabric portal. However, the specific access key remains hidden to prevent the credentials from being transferred elsewhere.
Create a user to associate with the access key
-
From the AWS Management Console, use the search bar at the top to locate the IAM service.
-
Select Access Management > Users in the menu on the right.
-
Click Add users.
-
Enter a descriptive name for this user, e.g. “PacketFabric_API_access.” Click Next.
NOTE: While you can optionally select Enable console access to create a user that can log in to the AWS Management Console, the following instructions do not cover that scenario. -
Leave the default selection Add user to group and click Next.
-
Click Create user.
You are returned to the Users page.
Generate the access key
-
Click the user you just created to go to its details.
-
Click the Security Credentials subtab.
-
Scroll down to Access keys and click Create access key.
-
Select Other and note the recommendations provided by AWS. Click Next.
-
Optionally, add a description for the key.
-
Click Create access key
-
Click the copy icon next to your secret access key or export the key to a CSV file.
IMPORTANT: This is the only time you will be able to copy the secret access key. Once you click Done, you will not be able to view or copy it again. -
If you copied the key, paste it somewhere temporary for now (the next step will also use your clipboard).
Add permissions for the access key
AWS recommends enabling least-privilege permissions.
-
From the Permissions sub-tab on the user, select Add permissions > Add inline policy.
-
Select the JSON tab and paste the following:
AWS Direct Connect permissions{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "directconnect:ConfirmConnection", "directconnect:CreatePrivateVirtualInterface", "directconnect:CreateTransitVirtualInterface", "directconnect:CreatePublicVirtualInterface", "directconnect:CreateDirectConnectGateway", "directconnect:CreateDirectConnectGatewayAssociation", "directconnect:UpdateDirectConnectGateway", "directconnect:UpdateConnection", "directconnect:UpdateDirectConnectGatewayAssociation", "directconnect:UpdateVirtualInterfaceAttributes", "directconnect:DescribeConnections", "directconnect:DescribeDirectConnectGateways", "directconnect:DescribeDirectConnectGatewayAssociations", "directconnect:DescribeDirectConnectGatewayAttachments", "directconnect:DescribeVirtualGateways", "directconnect:DescribeVirtualInterfaces", "directconnect:DescribeRouterConfiguration", "directconnect:DeleteDirectConnectGatewayAssociation", "directconnect:DeleteDirectConnectGateway", "directconnect:DeleteVirtualInterface", "directconnect:DeleteConnection", "directconnect:DescribeTags", "directconnect:TagResource", "directconnect:UntagResource", "ec2:DescribeRegions", "ec2:CreateVpnGateway", "ec2:AttachVpnGateway", "ec2:EnableVgwRoutePropagation", "ec2:CreateTransitGateway", "ec2:CreateTransitGatewayVpcAttachment", "ec2:DescribeVpcs", "ec2:DescribeRouteTables", "ec2:DescribeSubnets", "ec2:DescribeVpnGateways", "ec2:DescribeTransitGateways", "ec2:DescribeTransitGatewayAttachments", "ec2:DescribeTransitGatewayVpcAttachments", "ec2:DetachVpnGateway", "ec2:DeleteVpnGateway", "ec2:DeleteTransitGatewayVpcAttachment", "ec2:DeleteTransitGateway", "ec2:CreateTags", "ec2:DeleteTags", "ec2:DescribeTags" ], "Resource": "*" } ] }
-
Click Review policy.
-
Provide a descriptive name for the policy and then click Create policy.
Add AWS credentials to PacketFabric
Note that cloud credentials are shared among users within the PacketFabric account. For example, one user can add the credentials when creating Connection 1, and then another user can reuse them when creating Connection 2.
You can add the key in several ways:
-
From Admin > Cloud Credentials. Click Add AWS Credentials.
-
When you select Provision AWS side of the connection when creating a connection, you have the option to add new credentials.
-
From the Cloud Settings tab on the details page of an existing connection.
If you provisioned the connection and skipped the Provision AWS side of the connection option, you can still add an AWS access key to the connection. This will allow you to view and modify VLAN attachment details from the portal.
Managing AWS credentials
You can manage credentials from the details page of a cloud connection under the Cloud Settings tab.
You can also manage keys from Admin > Cloud Credentials:
From here you can add, edit, and delete credentials. This might be necessary for credentials that are expired or have been compromised.
When editing credentials, you will be required to re-enter the access key ID and the secret access key.
Updated on 16 May 2023