Configure AWS Access Credentials
NineData uses AWS access credentials to create private network endpoints, query required AWS resources such as PrivateLink, EC2, and RDS, and establish private connectivity between NineData and your database.
Permission Policy
AWS credentials must include the permissions in the policy below.
{
"Version":"2012-10-17",
"Statement":[
{
"Effect":"Allow",
"Action":[
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateSecurityGroup",
"ec2:CreateVpcEndpoint",
"ec2:CreateSubnet",
"ec2:DescribeInstances",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeVpcEndpointServices",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSecurityGroupRules",
"ec2:ModifyVpcEndpointServicePermissions",
"rds:DescribeDBInstances"
],
"Resource":"*"
}
]
}
If you use an IAM user instead of the root account, ask an AWS administrator to attach the required policy to that IAM user.
Step 1: Create a Custom Policy
Sign in to the AWS IAM Console.
Go to Access management > Policies.
Click Create Policy.
Select the JSON tab, copy the policy in Permission Policy, paste it into the JSON editor, and click Next: Tags.
Click Next: Review, and enter a policy name on the Review Policy page.
tipThe policy name supports 1 to 128 characters and can contain English letters, numbers, and these special characters:
+=,.@-_.Click Create Policy.
Step 2: Add an AccessKey Credential
Sign in to the AWS IAM Console.
Go to Access management > Users, find the IAM user to authorize, and open the user details page.
tipUse the IAM user whose access key will be added to NineData.
On the Permissions tab, click Add permissions.
Select Attach existing policies directly, select the custom policy created in Step 1, and click Next: Review.
tipUse the search box to find the policy by name.
Click Add Permissions.
Open Security credentials for the IAM user, or open the AWS security credentials page.
Obtain the Access key ID and Secret access key. For more information, see Managing access keys for IAM users.
Sign in to the NineData Console.
Go to **Datasource** > **Access Credentials**, and click **Create Credentials**.Configure the credential, and click Create Credential.
Parameter Description Name Enter a credential name that is easy to identify later. Cloud Vendor Select AWS. Type Select AccessKey. Access Key Enter the Access key ID. Access Key Secret Enter the Secret access key.
Result
The AWS credential is available in NineData and can be selected when you configure AWS data sources or private connectivity.