Skip to main content

Configure AWS Access Credentials

NineData uses AWS access credentials to create private network endpoints, query required AWS resources such as PrivateLink, EC2, and RDS, and establish private connectivity between NineData and your database.

Permission Policy

AWS credentials must include the permissions in the policy below.

{
"Version":"2012-10-17",
"Statement":[
{
"Effect":"Allow",
"Action":[
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateSecurityGroup",
"ec2:CreateVpcEndpoint",
"ec2:CreateSubnet",
"ec2:DescribeInstances",
"ec2:DescribeNetworkInterfaces",
"ec2:DescribeVpcEndpointServices",
"ec2:DescribeVpcEndpoints",
"ec2:DescribeVpcs",
"ec2:DescribeSubnets",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSecurityGroupRules",
"ec2:ModifyVpcEndpointServicePermissions",
"rds:DescribeDBInstances"
],
"Resource":"*"
}
]
}
tip

If you use an IAM user instead of the root account, ask an AWS administrator to attach the required policy to that IAM user.

Step 1: Create a Custom Policy

  1. Sign in to the AWS IAM Console.

  2. Go to Access management > Policies.

  3. Click Create Policy.

  4. Select the JSON tab, copy the policy in Permission Policy, paste it into the JSON editor, and click Next: Tags.

  5. Click Next: Review, and enter a policy name on the Review Policy page.

    tip

    The policy name supports 1 to 128 characters and can contain English letters, numbers, and these special characters: +=,.@-_.

  6. Click Create Policy.

Step 2: Add an AccessKey Credential

  1. Sign in to the AWS IAM Console.

  2. Go to Access management > Users, find the IAM user to authorize, and open the user details page.

    tip

    Use the IAM user whose access key will be added to NineData.

  3. On the Permissions tab, click Add permissions.

  4. Select Attach existing policies directly, select the custom policy created in Step 1, and click Next: Review.

    tip

    Use the search box to find the policy by name.

  5. Click Add Permissions.

  6. Open Security credentials for the IAM user, or open the AWS security credentials page.

  7. Obtain the Access key ID and Secret access key. For more information, see Managing access keys for IAM users.

  8. Sign in to the NineData Console.

    Go to **Datasource** > **Access Credentials**, and click **Create Credentials**.
  9. Configure the credential, and click Create Credential.

    Parameter
    Description
    NameEnter a credential name that is easy to identify later.
    Cloud VendorSelect AWS.
    TypeSelect AccessKey.
    Access KeyEnter the Access key ID.
    Access Key SecretEnter the Secret access key.

Result

The AWS credential is available in NineData and can be selected when you configure AWS data sources or private connectivity.