You can connect multiple Amazon Web Services (AWS) accounts to ShuttleOps. ShuttleOps interacts with your AWS account through an Identity and Access Management (IAM) user. The following instructions describe how to add this user to your AWS account and enter your AWS settings in ShuttleOps.

Connect an AWS Account

Click the Connect tab, then click Connect (or Edit) on the AWS tile.

 

If you’ve already connected an AWS account to ShuttleOps and want to connect another account, click + Add New. Complete the following steps to connect ShuttleOps to your AWS account.

 

1. Enter a Connection Name

Enter a name for the connection. This name is used to identify the connection in ShuttleOps.

2. Create an IAM User

ShuttleOps interacts with your AWS account through an IAM user. This user requires access key credentials as well as specific permissions within your AWS account.

Use ShuttleOps to quickly add this user to your AWS account. ShuttleOps will create an AWS CloudFormation stack to provision the following resources:

  • an IAM user named ShuttleOpsUser with access key credentials (consisting of an Access Key ID and a Secret Access Key)
  • an IAM policy containing the permissions required by the ShuttleOpsUser

 

Note  If you prefer to create the IAM user yourself, make sure the user has access key credentials. The user must also have the following permissions. Note that the IAM user requires all Amazon Credential Manager (ACM) permissions in order to manage HTTPS/SSL certificates for the user. The IAM user also requires all Elastic Load Balancing permissions in order to provide a managed load balancer for users.

 

acm:*

elasticloadbalancing:*

ec2:RunInstances

ec2:AssociateIamInstanceProfile

ec2:ReplaceIamInstanceProfileAssociation

ec2:CreateKeyPair

ec2:DeleteKeyPair

ec2:ImportKeyPair

ec2:CreateSecurityGroup

ec2:DeleteSecurityGroup

ec2:CreateTags

ec2:DeleteTags

ec2:AuthorizeSecurityGroupIngress

ec2:AuthorizeSecurityGroupEgress

ec2:RevokeSecurityGroupIngress

ec2:RevokeSecurityGroupEgress

ec2:TerminateInstances

ec2:DescribeKeyPairs

ec2:DescribeSecurityGroups

ec2:DescribeAccountAttributes

ec2:DescribeNetworkInterfaces

ec2:DescribeInstances

ec2:DescribeVolumes

ec2:DescribeTags

ec2:DescribeImages

ec2:DescribeInstanceAttribute

ec2:DescribeInstanceCreditSpecifications

ec2:DescribeVpcs

ec2:DescribeSubnets

route53:CreateHostedZone

route53:ListHostedZones

route53:ChangeResourceRecordSets

route53:ListResourceRecordSets

route53:DeleteHostedZone

route53:ListHostedZonesByName

 

  1. Click Launch Stack.

  2. The AWS website opens. If necessary, login to your AWS account.
  3. The Step 1: Specify template page appears. The template required to create the ShuttleOpsUser and assign the required permissions is already selected. Click Next.
  4. The Step 2: Specify stack details page appears. You don’t need to change any settings on this page. Click Next.
  5. The Step 3: Configure stack options page appears. You don’t need to change any settings on this page. Click Next.
  6. The Step 4: Review page appears. Scroll to the bottom of the page and select the checkbox beside I acknowledge that AWS CloudFormation might create IAM resources with custom names. This allows ShuttleOps to create the IAM user and policy.

  7. Click Create stack. AWS creates a CloudFormation stack with the resources ShuttleOps requires.

3. Enter the IAM User Key Credentials in ShuttleOps

Enter the AWS Access Key ID and AWS Secret Access Key for the ShuttleOpsUser created in the previous step. You can find these keys in AWS on the stack’s Outputs tab.

 4. Enter your AWS Deployment Region in ShuttleOps

Select the AWS region where your applications will be hosted.

5. Select Your Default AWS Account

Select the Set as Default checkbox to select this AWS account as the default account for AWS deployments.

6. Save Your Settings

Click Save in the ShuttleOps AWS Integration window.

Change an AWS Connection

To change the connection settings for an AWS account, click the Connect tab. Click Edit on the AWS tile. Select an AWS account from the list. You can modify the following information. When you’re done, click Save.

AWS Access Key ID and AWS Secret Access Key  Enter the AWS Access Key ID and Secret Access Key for the ShuttleOpsUser IAM user.

AWS Region  Select the AWS region where your applications will be hosted.

Set as Default  Select this checkbox to select this AWS account as the default account for AWS deployments.

Delete an AWS Connection

To delete an AWS connection, click the Connect tab, then click Edit on the AWS tile. Select an AWS account from the list, then click Delete Credential Set. Click Delete to confirm.