Brainboard's documentation
Website 🏛️Go to the app ↗
  • Welcome
  • Getting started
    • Fast track
    • Start with a template
    • Start with AI
    • Use cases videos
    • Brainboard philosophy
  • Cloud design
    • Left bar
      • Cloud resources
      • Input & output
    • Design area
      • Node
      • ID card
      • Connectors
      • Versioning
      • Graphical options
    • One action
    • Code Edition
  • Data
    • Data structure
      • Project
      • Environment
      • Cloud architecture
        • Terraform files
        • Readme file
        • Architecture Synchronization
        • Remote backend
      • Template
    • Cloud providers
      • Supported cloud providers
      • Customize provider configuration
      • Unsupported cloud providers
    • Terraform / OpenTofu
      • Modules
        • Module
        • Import modules
        • Manage module
        • Terraform registry credentials
        • Use modules
    • Disaster recovery
  • Automation
    • CI/CD engine
    • Supported plugins
      • Terraform
      • Security
        • Trivy
        • Tfsec
        • Terrascan
        • OPA
        • Checkov
      • Infracost
      • Notifications
        • Email
        • Slack
        • Microsoft Teams
      • Webhooks
    • Pipelines
    • Workflow templates
    • Drift detection
      • Types of drift
      • Remediation
    • Self-Hosted Runner
      • Deploy runner with Kubernetes
      • Deploy runner with docker-compose
  • Settings
    • Overview
    • Authentication
      • Login into Brainboard
      • Single sign-on (SSO)
    • Account management
    • Organization
    • Members
    • Teams
    • Roles & Permissions (RBAC)
      • Level of access
      • Organization RBAC
      • Project RBAC
    • Integrations
      • Git configuration
        • GitHub
        • Azure DevOps (ADO)
        • Bitbucket
        • GitLab
        • How to use
      • Cloud providers
        • AWS
        • Azure
        • GCP
        • OCI
  • Security
    • Data managed by Brainboard
    • SOC 2 Type II
    • Role Based Access Control
  • Help & FAQ
    • Shortcuts
    • FAQ
    • Migration
      • Import from cloud provider
    • Support
    • Glossary
  • Changelog
Powered by GitBook
On this page
  • Configure access
  • Assume role
  • Access key and secret
  • Set the scope

Was this helpful?

Edit on GitHub
  1. Settings
  2. Integrations
  3. Cloud providers

AWS

PreviousCloud providersNextAzure

Last updated 20 days ago

Was this helpful?

Brainboard allows you to connect to your AWS environments, whether you want to provision resources, import existing infrastructure or simply manage your architecture on a daily basis.

It supports 2 authentication methods described below:

  1. (recommended)

Configure access

To connect Brainboard to your AWS account:

  1. Go to the settings page.

  2. Click on Amazon Web Services

  3. Click on New connection

  4. This will open the new connection page where you have 2 options:

Assume role

N.B: This is the recommended way to connect to your AWS accounts as it doesn't require any secret sharing.

When you click on the option Assume role Brainboard guides you in the connection process:

  1. In this page, click on Create role button, it will open your AWS account with pre-filled information

  2. In your AWS portal, review the configuration and click next

  3. Select the right permission to grant for this connection

  4. Give the role a name, review and click on create role at the bottom

  5. Copy the ARN of the role

  6. Add the ARN in Brainboard credentials creation page

  7. Brainboard checks if the connection can be established:

    1. If the connection is successful, you will have this message

    2. If it fails, you get an information about it

  8. Name the connection in Brainboard

    This name is used only within Brainboard, so it's a best practice to give an explicit name that allows you to identify which account is referring to.

Access key and secret

Brainboard allows you to add your access key, secret and session token if this is your preferred way to connect to your AWS environments:

You need to generate the the access key and secret from your AWS account first.

Generate AWS access key and secret
  1. Sign in to the AWS Management Console: Go to the AWS Management Console and sign in with your AWS account credentials.

  2. Navigate to the IAM Console: In the console, search for “IAM” and select the IAM console.

  3. Create a new user: In the IAM console, choose “Users” from the navigation pane. Click “Add user” to start creating a new user. Provide a name for the user and check the box to give it access to the AWS Management Console. If you prefer to give it programmatic access only, you can also do that.

  4. Set permissions (Optional): You can attach policies to the user to grant specific permissions.

  5. Create the access key: Go to the “Security credentials” tab of the user. Click “Create access key” under the “Access keys” section. The Access Key ID and Secret Access Key will be displayed.

  6. Save the keys: Save both the Access Key ID and Secret Access Key securely. You will not be able to retrieve the secret key again if you don’t save it at this point.

Set the scope

Once your credentials are added you can specify where exactly they will be used

This allows you to specify whether you want:

  1. Make the credentials the default to use within your organization: which means any architecture created in Brainboard will use these credentials if it doesn't have its own ones.

  2. Use in a specific project

  3. Use in a specific environment

  4. Use in a specific architecture

Cloud providers integration
Assume role
Access key and secret