Setting Up Local Users - AWS Snowball Edge Developer Guide

Setting Up Local Users

Following are steps to set up a local administrator on your AWS Snowball Edge device.

  1. Retrieve your root user credentials

    Use the snowballEdge list-access-keys and snowballEdge get-secret-access-key to get your local credentials. For more information, see Getting Credentials.

  2. Configure the root user credential using aws configure

    Supply the AWS Access Key ID, AWS Secret Access Key, and Default region name. The region name must be snow. Optionally supply a Default output format. For more information about configuring the AWS CLI, see Configuring the AWS CLI in the AWS Command Line Interface User Guide.

  3. Create one or more local users on your device

    Use the create-user command to add users to your device.

    aws iam create-user --endpoint endpointIPaddress:6078 --profile ProfileID --region snow --user-name UserName

    After you add users according to your business needs, you can store your AWS root credentials in a safe location and only use them for account and service management tasks. For more information about creating IAM users, see Creating an IAM user in your AWS account in the IAM User Guide.

  4. Create an access key for your user

    Use the create-access-key command to create an access key for your user.

    aws iam create-access-key --endpoint endpointIPaddress --profile ProfileID --region snow --user-name UserName

    Save the access key information to a file and distribute to your users.

  5. Create an access policy

    You might want different users to have different levels of access to functionality on your device. The following example creates a policy document named s3-only-policy and attaches it to a user.

    { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "s3:*", "Resource": "*" } ] }
    aws iam create-policy --endpoint endpointIPaddress --profile ProfileID --region snow --policy-name s3-only-policy --policy-document file://s3-only-policy
  6. Attach the policy to your user

    Use the attach-user-policy to attach the s3-only-policy to a user.

    aws iam attach-user-policy --endpoint endpointIPaddress --profile ProfileID --region snow --user-name UserName --policy-arn arn:aws:iam::AccountID:UserName

For more information about using IAM locally, see Using IAM Locally.

Next: Using Your Snowball Edge