Configuring user credentials for Amazon Web Services workloads
The Amazon Web Services (AWS) accounts, represented by aliases in BMC Cloud Lifecycle Management, serve to perform specific functions in the Amazon cloud based on requests sent by BMC Cloud Lifecycle Management. The following sections provide account configuration instructions:
Overview of AWS accounts
You use AWS accounts to create and manage AWS instances. More specifically, AWS accounts are used to retrieve the Virtual Private Cloud (VPC) in an availability zone and to provision an Amazon Machine Image (AMI) in the VPC. Organizations may want to use multiple AWS accounts for different reasons. For example, IT departments may serve different corporate units, each with their own AWS account. Or, for cost accounting purposes, teams may want to be responsible for paying their own AWS bills.
All AWS accounts are associated with a single AWS provider instance. AWS accounts are not specifically linked with BMC Cloud Lifecycle Management tenants. Instead, users associated with a tenant group can use multiple AWS accounts, and a single AWS account can be used by multiple tenant users. The actions you perform on AWS accounts do not affect tenants.
When setting up your AWS account, you enter the security credentials associated with the AWS account, specifically the shared keys. The shared key files are maintained in encrypted format in the BMC Cloud Lifecycle Management environment. The underlying AWS Java module retrieves these files from the enterprise BMC Remedy AR System server and uses them to connect to the AWS API. A master account is used in the context of a pod search to reduce the number of AWS API calls to multiple user accounts. To improve search performance, specify one account as a master account.
To align the user creation process for Amazon Elastic Compute Cloud (Amazon EC2) workloads with the process for on-premise workloads, BMC Cloud Lifecycle Management enrolls all instances in BMC Server Automation (if the Enroll Server option is set to True on the Providers workspace of the BMC Cloud Lifecycle Management Administration Console). It also uses BMC Server Automation to create users on enrolled Amazon EC2 instances. User name and password information is taken as input from the service request UI on the My Cloud Services console.
To enable public/private key authentication for Linux instances, define a blueprint parameter (“BmcSshInstanceKey”) with user input enabled. You must specify this parameter when you create the Amazon service blueprint. The value for this parameter is the name of an existing key pair created in Amazon. For more information about how to create BmcSshInstanceKey, see the Amazon documentation.
Before you begin
You should already have an AWS account and be familiar with basic AWS operations. Prior to configuring the user credentials for the AWS workloads, you must obtain access credentials, as described below.
To obtain AWS access credentials
BMC Cloud Lifecycle Management communicates with AWS by using its public SOAP APIs. To use these APIs, you must provision BMC Cloud Lifecycle Management with the correct access credentials. These access credentials are obtained from your AWS account. To configure the user credentials for AWS, click the Access Keys tab on the AWS Security Credentials page in your AWS account. You will need the Access Key ID and the Secret Access Key to configure the user credentials in BMC Cloud Lifecycle Management.
See the Amazon Web Services security credentials documentation for detailed information on access keys.
To add an account
- In the Providers workspace, select Compute.
- Select an AWS provider in the list of providers.
- Click Manage EC2 User Credentials.
The Manage EC2 User Credentials dialog box is opened and ready for data input. On this dialog box, you specify a user name and the AWS account credentials needed to establish a secure connection to an Amazon Elastic Compute Cloud (EC2) provider instance.
Complete the following fields:
User name assigned to this AWS account. The user name serves as an alias for a set of Amazon credentials.
Access Key: The Access Key ID from the Access Keys tab on the AWS Security Credentials page in your AWS account.
Shared Secret: The Secret Access Key associated with the Access Key. This key is just a long string of characters (and not a file) that you use to calculate the digital signature that you include in the request. The key is available from the Access Keys tab on the AWS Security Credentials page in your AWS account.
- Click Save and close the dialog box.
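How the Shared Secret described above is used to calculate a request signature, as an added example that is not part of the BMC documentation or product code. It assumes AWS Signature Version 4 (the page does not name the signature scheme the AWS Java module uses), and the key values, date and DescribeVpcs request are constructed samples.

```python
import hashlib
import hmac

# Constructed sample values: AWS's documented placeholder keys, not real credentials.
ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY"
REGION, SERVICE, AMZ_DATE = "us-east-1", "ec2", "20240101T000000Z"
SIGNED_HEADERS = "host;x-amz-date"

# Constructed canonical request for an EC2 DescribeVpcs call with an empty body.
CANONICAL_REQUEST = "\n".join([
    "GET", "/", "Action=DescribeVpcs&Version=2016-11-15",
    "host:ec2.us-east-1.amazonaws.com", "x-amz-date:" + AMZ_DATE, "",
    SIGNED_HEADERS, hashlib.sha256(b"").hexdigest(),
])


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def signature(secret: str, canonical_request: str) -> str:
    """Derive the per-day signing key from the secret, then sign the request."""
    date = AMZ_DATE[:8]
    scope = f"{date}/{REGION}/{SERVICE}/aws4_request"
    key = _hmac(("AWS4" + secret).encode(), date)
    for part in (REGION, SERVICE, "aws4_request"):
        key = _hmac(key, part)
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", AMZ_DATE, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    return _hmac(key, string_to_sign).hex()


def authorization_header(access_key_id: str, secret: str, canonical_request: str) -> str:
    """Build the header sent on the wire: key ID and signature, never the secret."""
    scope = f"{AMZ_DATE[:8]}/{REGION}/{SERVICE}/aws4_request"
    return (f"AWS4-HMAC-SHA256 Credential={access_key_id}/{scope}, "
            f"SignedHeaders={SIGNED_HEADERS}, "
            f"Signature={signature(secret, canonical_request)}")


def service_accepts(header: str, canonical_request: str, stored_secret: str) -> bool:
    """Service side: recompute the signature from its own copy of the secret."""
    sent = header.rsplit("Signature=", 1)[1]
    return hmac.compare_digest(sent, signature(stored_secret, canonical_request))
```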
To edit an account
- Select the user account to be edited.
- Click the Edit User Credentials icon to enable editing of the account credentials.
- Make the changes to the credentials, and click Update.
To delete an account
- Select the user account to be deleted, and click the Delete User Credentials icon.
- At the prompt, click Yes.
Where to go from here
You can now build a network blueprint.