AWS

Brainboard allows you to connect to your AWS environments, whether you want to provision resources, import existing infrastructure or simply manage your architecture on a daily basis.

It supports 2 authentication methods described below:

(recommended)

Configure access

To connect Brainboard to your AWS account:

Go to the settings page.
Click on Amazon Web Services
Click on New connection
This will open the new connection page where you have 2 options:

Assume role

N.B: This is the recommended way to connect to your AWS accounts as it doesn't require any secret sharing.

When you click on the option Assume role Brainboard guides you in the connection process:

In this page, click on Create role button, it will open your AWS account with pre-filled information
In your AWS portal, review the configuration and click next
Select the right permission to grant for this connection
Give the role a name, review and click on create role at the bottom
Copy the ARN of the role
Add the ARN in Brainboard credentials creation page
Brainboard checks if the connection can be established:
1. If the connection is successful, you will have this message
2. If it fails, you get an information about it
Name the connection in Brainboard
This name is used only within Brainboard, so it's a best practice to give an explicit name that allows you to identify which account is referring to.

Access key and secret

Brainboard allows you to add your access key, secret and session token if this is your preferred way to connect to your AWS environments:

You need to generate the the access key and secret from your AWS account first.

Generate AWS access key and secret

Sign in to the AWS Management Console: Go to the AWS Management Console and sign in with your AWS account credentials.
Navigate to the IAM Console: In the console, search for “IAM” and select the IAM console.
Create a new user: In the IAM console, choose “Users” from the navigation pane. Click “Add user” to start creating a new user. Provide a name for the user and check the box to give it access to the AWS Management Console. If you prefer to give it programmatic access only, you can also do that.
Set permissions (Optional): You can attach policies to the user to grant specific permissions.
Create the access key: Go to the “Security credentials” tab of the user. Click “Create access key” under the “Access keys” section. The Access Key ID and Secret Access Key will be displayed.
Save the keys: Save both the Access Key ID and Secret Access Key securely. You will not be able to retrieve the secret key again if you don’t save it at this point.

Set the scope

Once your credentials are added you can specify where exactly they will be used

This allows you to specify whether you want:

Make the credentials the default to use within your organization: which means any architecture created in Brainboard will use these credentials if it doesn't have its own ones.
Use in a specific project
Use in a specific environment
Use in a specific architecture