This guide outlines how to create an IAM (Identity and Access Management) user in your AWS account with read-only permissions. This user will have access to the AWS Management Console and the AWS Command Line Interface (CLI), allowing Obok to securely assess your AWS environment without the ability to make any changes.
Steps to Create the Read-Only User:
1. Navigate to IAM in the AWS Console:
   - Sign in to your AWS Management Console.
   - In the services search bar, type IAM and select it from the results.
2. Add a New User:
   - In the IAM dashboard, click on Users in the left-hand navigation pane.
   - Click the Create user button.
3. Specify User Details:
   - User name: Enter a descriptive name for the user (e.g., ObokReadOnlyUser).
   - Provide user access to the AWS Management Console - optional: Check this box.
   - Select "I want to create an IAM user".
   - Console password: Choose Custom password and create a strong, unique password, or select Autogenerated password. If you choose autogenerated, ensure you note it down in the next step.
   - User must create a new password at next sign-in: It's recommended to leave this unchecked for service accounts, or if checked, be prepared to log in once to set a permanent password and then provide that permanent password to Obok. For simplicity with Obok, unchecking might be easier if you are managing the credential handoff.
   - Click Next.
4. Set Permissions:
   - On the "Set permissions" page, select Attach policies directly.
   - In the "Permissions policies" search box, type ReadOnlyAccess.
   - Check the box next to the ReadOnlyAccess AWS managed policy. This policy grants read-only access to all AWS services and resources.
   - Click Next.
5. Review and Create:
   - Review the user details and permissions to ensure everything is correct.
   - Click Create user.
6. Retrieve and Secure Credentials:
   - Console Sign-in Details: If you chose an autogenerated password or need the console sign-in link, the success page will provide this. Make sure to save the Password.
   - Create Access Key (for CLI Access):
     - Once the user is created, click on the username in the user list.
     - Go to the Security credentials tab.
     - Scroll down to the "Access keys" section and click Create access key.
     - Select Command Line Interface (CLI) as the use case.
     - Read the recommendation and check the acknowledgment box: "I understand the above recommendation and want to proceed to create an access key."
     - Click Next.
     - (Optional) Set a description tag for the access key (e.g., Obok Integration Key).
     - Click Create access key.
     - IMPORTANT: This is your only opportunity to view and download the Secret access key.
     - Copy the Access key ID.
     - Copy the Secret access key.
     - It's highly recommended to also click Download .csv file and store this file securely.
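To confirm the new user carries nothing beyond ReadOnlyAccess before its credentials are handed over, the following added example (not part of Obok's guide) audits data in the shape returned by `aws iam get-account-authorization-details --filter User`. The function name, the DriftedUser entry and all sample data are constructed for illustration.

```python
READ_ONLY_ARN = "arn:aws:iam::aws:policy/ReadOnlyAccess"


def audit_read_only_user(auth_details, user_name):
    """Return a list of findings; an empty list means only ReadOnlyAccess applies."""
    users = {u["UserName"]: u for u in auth_details.get("UserDetailList", [])}
    user = users.get(user_name)
    if user is None:
        return [f"user {user_name} not found"]
    findings = []
    attached = {p["PolicyArn"] for p in user.get("AttachedManagedPolicies", [])}
    if READ_ONLY_ARN not in attached:
        findings.append("ReadOnlyAccess is not attached")
    # Any other managed policy widens what the handed-over credentials can do.
    for arn in sorted(attached - {READ_ONLY_ARN}):
        findings.append(f"extra managed policy attached: {arn}")
    # Inline policies do not appear in the "Attach policies directly" list.
    for inline in user.get("UserPolicyList", []):
        findings.append(f"inline policy present: {inline['PolicyName']}")
    # Group membership silently adds the group's policies to the user.
    for group in user.get("GroupList", []):
        findings.append(f"member of group (inherits its policies): {group}")
    return findings


# Constructed sample; in practice load the saved CLI output with json.load().
SAMPLE = {
    "UserDetailList": [
        {"UserName": "ObokReadOnlyUser",
         "AttachedManagedPolicies": [
             {"PolicyName": "ReadOnlyAccess", "PolicyArn": READ_ONLY_ARN}],
         "UserPolicyList": [], "GroupList": []},
        {"UserName": "DriftedUser",  # hypothetical user that gained extra access
         "AttachedManagedPolicies": [
             {"PolicyName": "ReadOnlyAccess", "PolicyArn": READ_ONLY_ARN},
             {"PolicyName": "AmazonS3FullAccess",
              "PolicyArn": "arn:aws:iam::aws:policy/AmazonS3FullAccess"}],
         "UserPolicyList": [{"PolicyName": "temp-debug"}],
         "GroupList": ["Developers"]},
    ]
}

if __name__ == "__main__":
    for name in ("ObokReadOnlyUser", "DriftedUser"):
        print(name, audit_read_only_user(SAMPLE, name) or "OK")
```
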
Final Step: Provide Credentials to Obok
To complete the integration with Obok, you will need to securely provide us with the following credentials for the ReadOnlyAccess user you just created:
- AWS Management Console Username: (e.g., ObokReadOnlyUser)
- AWS Management Console Password: (the custom or autogenerated password you set/retrieved)
- Access Key ID: (obtained in Step 6)
- Secret Access Key: (obtained in Step 6)
Please send these credentials to us via our secure support desk. You can initiate this by sending an email to support@getobok.com indicating you are providing AWS credentials for your Obok CSPM onboarding. Our support team will then guide you on the most secure method to transmit these details, often through an encrypted channel or a secure submission form on our support portal.