Photo by Daryn Bartlett

How to connect Opsidian to AWS using keys

Ewa Dwornikowska
Opsidian


In our previous post, we showed how Opsidian can be installed and used with an example AWS infrastructure. We used a cross-account installation of Opsidian, where we created an AWS role and gave Opsidian permission to use this role to connect to our AWS account.

Since then, Opsidian has introduced another method of connecting to your AWS account: using AWS keys.

AWS keys are a well-known method of connecting and integrating external services and software. Instead of using a username and a password, you generate a key pair, which is used to authorize your API requests to AWS. Every key pair is associated with an IAM role, which defines access permissions for a given key pair.

In order to use AWS keys to connect Opsidian to your account, run /ops account configure in your Slack, and click Access Keys.

Opsidian will show you instructions on how to create the keys. In general, we need to:

  1. Create an IAM user in AWS with a read-only access policy. This policy will prevent the user from making any changes in your infrastructure.
  2. Copy the AWS key ID and the AWS Secret Key ID from the created user.
  3. Tell Opsidian to use the keys to connect to AWS.

The first point can be easily achieved either by using Opsidian’s preconfigured CloudFormation stack, or by creating the user manually.

Creating the user using Opsidian’s CloudFormation

You can launch the CloudFormation template directly from Slack (or by clicking here).

Click Launch Stack to create your user using Opsidian’s CloudFormation template

Once the user is created, you will see its name and keys in the Outputs tab of the CloudFormation stack. Note the keys; we will use them in the next step.
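A minimal template of the kind described above, added here as an illustration. It is not Opsidian's own template, and the logical resource names and output names are assumptions:

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Read-only IAM user with an access key (illustrative, not Opsidian's template)

Resources:
  # Hypothetical logical names; choose your own.
  ReadOnlyUser:
    Type: AWS::IAM::User
    Properties:
      # AWS-managed policy named in this post: read-only, no write actions.
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/ReadOnlyAccess

  ReadOnlyUserKey:
    Type: AWS::IAM::AccessKey
    Properties:
      UserName: !Ref ReadOnlyUser
      Status: Active

Outputs:
  UserName:
    Description: Name of the created IAM user
    Value: !Ref ReadOnlyUser
  AccessKeyId:
    Description: Access key ID (the key= argument)
    Value: !Ref ReadOnlyUserKey
  SecretAccessKey:
    # Appears in plain text in the Outputs tab for anyone who can
    # describe the stack, so limit who has that permission.
    Description: Secret key (the secret= argument)
    Value: !GetAtt ReadOnlyUserKey.SecretAccessKey
```

Because the stack creates IAM resources, CloudFormation asks you to acknowledge the IAM capability before it launches.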

Creating the user manually

If you don’t want to use Opsidian’s CloudFormation template, you can create the user manually. In IAM, click Add User, choose a name, and select the Programmatic Access access type. Next, in the permissions section, attach the ReadOnlyAccess policy to the user, as shown in the screenshot below.

After reviewing the changes, you will be presented with an Access Key ID and a Secret Key. We will use them to connect Opsidian to our AWS.

In your Slack, execute:

/ops account add keys name=MyAccount key=AKIAIMMFCR3LEHMNJ6BA secret=8U36dsQU4AVVzinbedReqvgUuIAf6Vw+470xVr6+ region=eu-west-1

Substitute the keys with yours and choose whatever account name and region you like. Your Opsidian bot is now connected to your AWS account. Confirm it by running a command such as listing your EC2 instances:

/ops ec2 show me my instances

That’s it. If you have any questions, visit Opsidian’s Slack room: http://opsidian.ai/slack/. If you encounter any problems, send us a message using the contact form at https://opsidian.ai/contact/. You can also submit feedback directly from Slack using /ops feedback what went wrong.
