AWS Access Keys

Adding AWS credentials to your PacketFabric environment allows you to perform certain AWS tasks from within the PacketFabric portal, including:

  • Provisioning the AWS VIF from the PacketFabric portal.
  • Upgrading AWS connections without manually deleting and recreating the VIF.
  • Automatically deleting the associated VIF and Direct Connect when deleting the connection from the PacketFabric portal.

This is an optional convenience and is not required to create or manage AWS cloud connections.

Generating AWS credentials in the AWS Management Console

Only admins on your AWS account have access to do this. You may need to request access, or request that an AWS admin generate credentials on your behalf.

Once generated and added to your PacketFabric account, the credentials can be shared by all users in the PacketFabric portal. However, the specific access key remains hidden to prevent the credentials from being transferred elsewhere.

Create a user to associate with the access key

  1. From the AWS Management Console, use the search bar at the top to locate the IAM service.

    IAM search

  2. Select Access Management > Users in the menu on the right.

    IAM users

  3. Click Add users.

  4. Enter a descriptive name for this user, e.g. “PacketFabric_API_access.” Click Next.

    NOTE: While you can optionally select Enable console access to create a user that can log in to the AWS Management Console, the following instructions do not cover that scenario.
  5. Leave the default selection Add user to group and click Next.

  6. Click Create user.

You are returned to the Users page.

Generate the access key

  1. Click the user you just created to go to its details.

  2. Click the Security Credentials subtab.

    IAM security credentials tab

  3. Scroll down to Access keys and click Create access key.

  4. Select Other and note the recommendations provided by AWS. Click Next.

  5. Optionally, add a description for the key.

  6. Click Create access key

  7. Click the copy icon next to your secret access key or export the key to a CSV file.

    IAM copy key

    IMPORTANT: This is the only time you will be able to copy the secret access key. Once you click Done, you will not be able to view or copy it again.
  8. If you copied the key, paste it somewhere temporary for now (the next step will also use your clipboard).

Add permissions for the access key

AWS recommends enabling least-privilege permissions.

  1. From the Permissions sub-tab on the user, select Add permissions > Add inline policy.

  2. Select the JSON tab and paste the following:

  3. Click Review policy.

  4. Provide a descriptive name for the policy and then click Create policy.

Add AWS credentials to PacketFabric

Note that cloud credentials are shared among users within the PacketFabric account. For example, one user can add the credentials when creating Connection 1, and then another user can reuse them when creating Connection 2.

You can add the key in several ways:

  • From Admin > Cloud Credentials. Click Add AWS Credentials.

    Add AWS credentials

  • When you select Provision AWS side of the connection when creating a connection, you have the option to add new credentials.

  • From the Cloud Settings tab on the details page of an existing connection.

    If you provisioned the connection and skipped the Provision AWS side of the connection option, you can still add an AWS access key to the connection. This will allow you to view and modify VLAN attachment details from the portal.

    Add AWS credentials

Managing AWS credentials

You can manage credentials from the details page of a cloud connection under the Cloud Settings tab.

You can also manage keys from Admin > Cloud Credentials:

Cloud credentials page

From here you can add, edit, and delete credentials. This might be necessary for credentials that are expired or have been compromised.

When editing credentials, you will be required to re-enter the access key ID and the secret access key.