AWS Credentials

This article walks you, step by step, through configuring AWS credentials so that you can enable Tuono on your AWS account.

Overview

To connect Tuono to your AWS account, you will create an IAM User named tuono with the specific permissions that are necessary to provision infrastructure programmatically. By following the instructions below you will generate two keys required to connect Tuono to your AWS account.

| Identifier | Purpose |
| --- | --- |
| Access Key | This is similar to a username for accessing Amazon controls through their API. Tuono uses this key to communicate with AWS. |
| Secret Key | This is a password for the Access Key. |

Additionally, you will need to select a credentialing style. Tuono can operate in three different modes for credentialing. You will need to choose the method you want to use, as that affects the remaining configuration steps.

| Credentialing Mode | Description |
| --- | --- |
| Static | You create a group in IAM, apply a series of required roles to that group and finally create a user and make it part of that group. Tuono uses the Access Key and Secret Key that you generated above to access your AWS account. You manage the validity of the secret using the AWS Console. All changes made to the subscription are attributed to the Tuono application. |
| Dynamic | You provide Tuono with an additional IAM role (IAMFullAccess). This allows Tuono to dynamically create time-limited credentials for each job that provisions infrastructure. All changes made to the subscription are attributed to the Tuono application. |
| Short Term Credentials | Leverages temporary security credentials that are short term with configurable expiration dates. After the credential expires, the venue no longer allows any kind of access through the leveraged APIs. For AWS, adding Short Term Credentials requires the user to provide the Access Key, Secret Key and STS Session Token. On Azure you provide the Client, Tenant, and Subscription and then authenticate directly with Azure to generate a limited-use token. |
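
Before pasting keys into Tuono, it helps to confirm that the credential set matches the mode you chose. The following is an added example, not Tuono's own code: it reads a file in the AWS shared-credentials format and reports which mode each profile fits, without echoing secrets. It assumes AWS's documented key prefixes (`AKIA` for long-term IAM user keys, `ASIA` for temporary STS keys); the profile names are hypothetical and all values are constructed.

```python
import configparser

# Constructed sample in the AWS shared-credentials (INI) format. Every value is fake.
SAMPLE = """\
[tuono-static]
aws_access_key_id = AKIAXXXXXXXXXXEXAMPLE
aws_secret_access_key = constructed-secret-1

[tuono-short-term]
aws_access_key_id = ASIAXXXXXXXXXXEXAMPLE
aws_secret_access_key = constructed-secret-2
aws_session_token = constructed-session-token

[tuono-broken]
aws_access_key_id = ASIAYYYYYYYYYYEXAMPLE
aws_secret_access_key = constructed-secret-3
"""

def classify(profile):
    """Return (kind, detail) for one profile section."""
    key = profile.get("aws_access_key_id", "").strip()
    secret = profile.get("aws_secret_access_key", "").strip()
    token = profile.get("aws_session_token", "").strip()
    if not key or not secret:
        return ("incomplete", "Access Key and Secret Key are both required")
    if key.startswith("ASIA"):  # temporary key issued by STS
        if not token:
            return ("incomplete", "temporary key is unusable without the STS Session Token")
        return ("short-term", "fits Short Term Credentials mode")
    if key.startswith("AKIA"):  # long-term IAM user key
        if token:
            return ("mismatch", "long-term key should not carry a session token")
        return ("long-term", "fits Static or Dynamic mode")
    return ("unknown", "unrecognised access key prefix")

def audit(text):
    """Classify every profile; the report never includes secret or token values."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return {name: classify(parser[name]) for name in parser.sections()}

if __name__ == "__main__":
    for name, (kind, detail) in audit(SAMPLE).items():
        print(f"{name}: {kind} ({detail})")
```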

Credential Configuration Steps
