Setup in your AWS account
Setting up permissions in your AWS account to link credentials to NetBook
Here is a guide on how to connect your credentials to NetBook.
We wish to simplify the process so that you would need minimal intervention from your IT teams.
We need you to create policy for NetBook to use.
Creating IAM policy for NetBook
Resources that NetBook uses in your account
EC2 Instances
This is to spin up instances for your workspaces and experiments
EKS ( Amazon Kubernetes clusters)
This is to enable Kubernetes setup for workspaces and enabling distributed GPU trainings
EC2 Network-Stack
Managing access to clusters and nodes and securing the instances from public access
Cost and Usage
To get cost estimate. (Note: Please enable Hourly data on Cost Explorer setting page ).
Please check in your AWS console if you have access to these resources. If you do, you can directly skip to generating Access key , secret, and adding them to the NetBook portal.
Most organizations don't give users access to create policies. In this case, there are some steps the IT team or IAM admin needs to set up in your AWS account for you to connect your credentials with NetBook.
How to add policies to AWS through the AWS console
Navigate to policies on the left side panel. You will find existing policies here
Click on create policy on the right. You will find two options for visual editor and JSON.
Select JSON and copy the policy JSON and give it a name
Policy JSON
Please notice:
Note: NetBook creates every resource with a tag nb-prod to make sure we don't access any other resources of your account other than the ones NetBook created. We make sure that NetBook gets limited access to your cloud.
Note : Please replace <acc_id> with your Account ID.
Additional Roles
For creating Role "arn:aws:iam::<acc_id>:role/AWSServiceRoleForAmazonEKS":
Go to IAM -> Roles -> Create Roles
Select EKS in Use cases for other AWS services: then select EKS
Then Proceed with Default permissions and name this role as AWSServiceRoleForAmazonEKS
For creating Role "arn:aws:iam::<acc_id>:role/AWSServiceRoleForAmazonEKSNodegroup":
Go to IAM -> Roles -> Create Roles
Select EKS in Use cases for other AWS services: then select EKS Nodegroup
Then proceed with Default permissions and proceed with the default name, as this won’t be editable “AWSServiceRoleForAmazonEKSNodegroup”
For creating role "arn:aws:iam::<acc_id>:role/netbook-AWS-NodeGroupInstanceRole-CAFE"
Go to IAM -> Roles -> Create Roles
Select Custom trust policy and paste the following JSON:
Then Add the following AWS managed policies:
Then name this role as “arn:aws:iam::<acc_id>:role/netbook-AWS-NodeGroupInstanceRole-CAFE“
For creating role "arn:aws:iam::<acc_id>:role/netbook-AWS-ServiceRoleForEKS-BADBEEF"
Go to IAM -> Roles -> Create Roles
Select Custom trust policy and paste the following JSON:
Then Add the following AWS managed policies:
Then name this role as “arn:aws:iam::<acc_id>:role/netbook-AWS-ServiceRoleForEKS-BADBEEF“
Adding policies to the User
You will find a list of all available policies including AWS default policies. Search for the policies that you created earlier and assign them to the user
Next add tag with Key : scope and Value : nb-prod
Generating User Access key Id and Access key secret to provide NetBook
Select the Security credentials tab in the user information
You can download the Access Key and Secret as a CSV from the platform.
NOTE: You will find a warning not to share your access keys and secrets to public platforms. NetBook handles the access key security through a secured vault.
Now you are done with creating the needed keys for the NetBook platform. These are the steps you need your IT team's help to setup Credentials. Now let us move to how to connect them to NetBook's platform
Last updated
