Setup in your AWS account
Setting up permissions in your AWS account to link credentials to NetBook
Last updated
Setting up permissions in your AWS account to link credentials to NetBook
Last updated
Here is a guide on how to connect your credentials to NetBook.
We wish to simplify the process so that you would need minimal intervention from your IT teams.
We need you to create policy for NetBook to use.
EC2 Instances
This is to spin up instances for your workspaces and experiments
EKS ( Amazon Kubernetes clusters)
This is to enable Kubernetes setup for workspaces and enabling distributed GPU trainings
EC2 Network-Stack
Managing access to clusters and nodes and securing the instances from public access
Cost and Usage
To get cost estimate. (Note: Please enable Hourly data on Cost Explorer setting page ).
Please check in your AWS console if you have access to these resources. If you do, you can directly skip to t, and adding them to the NetBook portal.
Most organizations don't give users access to create policies. In this case, there are some steps the IT team or IAM admin needs to set up in your AWS account for you to connect your credentials with NetBook.
Navigate to policies on the left side panel. You will find existing policies here
Click on create policy on the right. You will find two options for visual editor and JSON.
Select JSON and copy the policy JSON and give it a name
Policy JSON
Please notice:
Note: NetBook creates every resource with a tag nb-prod to make sure we don't access any other resources of your account other than the ones NetBook created. We make sure that NetBook gets limited access to your cloud.
Note
: Please replace <acc_id>
with your Account ID.
For creating Role "arn:aws:iam::<acc_id>:role/AWSServiceRoleForAmazonEKS":
Select EKS in Use cases for other AWS services: then select EKS
Then Proceed with Default permissions and name this role as AWSServiceRoleForAmazonEKS
For creating Role "arn:aws:iam::<acc_id>:role/AWSServiceRoleForAmazonEKSNodegroup":
Select EKS in Use cases for other AWS services: then select EKS Nodegroup
Then proceed with Default permissions and proceed with the default name, as this won’t be editable “AWSServiceRoleForAmazonEKSNodegroup”
For creating role "arn:aws:iam::<acc_id>:role/netbook-AWS-NodeGroupInstanceRole-CAFE"
Select Custom trust policy and paste the following JSON:
Then Add the following AWS managed policies:
Then name this role as “arn:aws:iam::<acc_id>:role/netbook-AWS-NodeGroupInstanceRole-CAFE“
For creating role "arn:aws:iam::<acc_id>:role/netbook-AWS-ServiceRoleForEKS-BADBEEF"
Select Custom trust policy and paste the following JSON:
Then Add the following AWS managed policies:
Then name this role as “arn:aws:iam::<acc_id>:role/netbook-AWS-ServiceRoleForEKS-BADBEEF“
You will find a list of all available policies including AWS default policies. Search for the policies that you created earlier and assign them to the user
Next add tag with Key : scope and Value : nb-prod
Select the Security credentials tab in the user information
You can download the Access Key and Secret as a CSV from the platform.
NOTE: You will find a warning not to share your access keys and secrets to public platforms. NetBook handles the access key security through a secured vault.
Now you are done with creating the needed keys for the NetBook platform. These are the steps you need your IT team's help to setup Credentials. Now let us move to how to connect them to NetBook's platform
Search for IAM in console search to open the IAM dashboard. It looks something like this
Go to IAM -> Roles ->
Go to IAM -> Roles ->
Go to IAM -> Roles ->
Go to IAM -> Roles ->
You will find the Users tab in the left side panel of the IAM dashboard
Select the Users to who you want to give access. You will find the user page like this
Click on Add Permissions and Select "Attach policies directly"
In the same users tab on the IAM dashboard, navigate to an individual user
You will find "Create access key" button. Use that to create an access key and secret pair