Creating a Custom EC2 Policy & User for Nanobox Deploys

Nanobox makes deploying applications to Amazon Web Services (AWS) really easy. When you connect your AWS account, Nanobox needs a specific set of EC2 permissions in order to deploy and manage instances for you. The "shotgun approach" is to grant full read/write access to EC2 instances, security groups and SSH key pairs, but that hands a deploy key far more than it uses, and in some cases you will want a custom IAM policy limited to exactly what Nanobox needs.

In this article, I'm going to walk through creating a custom AWS IAM policy that includes everything Nanobox needs to deploy and scale on your behalf, and a dedicated IAM user to attach it to.

Create a New Policy

In your AWS IAM dashboard, go to the "Policies" section and create a new policy.


Select the “Create Your Own Policy” option.

[Screenshot: Create Your Own Policy]

Define your Policy Name and provide a description.

[Screenshot: Policy Details]

In the Policy Document, paste the following. It is the minimum Nanobox needs to be able to deploy and manage servers on AWS:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeSecurityGroups",
                "ec2:CreateSecurityGroup",
                "ec2:DescribeSubnets",
                "ec2:DescribeInstances",
                "ec2:RunInstances",
                "ec2:CreateTags",
                "ec2:RebootInstances",
                "ec2:TerminateInstances",
                "ec2:DescribeKeyPairs",
                "ec2:ImportKeyPair",
                "ec2:DeleteKeyPair",
                "ec2:AuthorizeSecurityGroupIngress",
                "ec2:AuthorizeSecurityGroupEgress"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

A couple of things worth knowing about this document before you save it. The ec2:Describe* calls do not support resource-level permissions, so "Resource": "*" is unavoidable for them; the write actions (RunInstances, TerminateInstances, CreateTags, and the security-group and key-pair actions) do, and as written they apply to every instance, group and key pair in the account, not only the ones Nanobox created. If you want to fence in where and what Nanobox can launch, add a Condition on the write actions using the aws:RequestedRegion and ec2:InstanceType condition keys, and keep the allowed region consistent with the one you configure in the Nanobox provider, or deploys will fail with an AuthorizationError. Note also what the policy does not grant: no iam:* or sts:* actions, so a leaked deploy key cannot create users or assume other roles, though it can still terminate instances.

Add a New User

Go to the "Users" section and add a new user.

[Screenshot: Add User]

Provide a username and select "Programmatic access" to generate an Access Key ID and Secret Access Key. Nanobox only needs programmatic access. If you also want this user to be able to log in to your AWS console, you can select the "AWS Management Console access" option as well, but a deploy-only user is better off without it.

[Screenshot: User Details]

Click “Next: Permissions”. Choose the “Attach existing policies directly” option and select the Nanobox permissions policy you created.

[Screenshot: User Permissions]

On the summary screen, confirm all the details and click "Create User". Copy your Access Key ID and Secret Access Key now. You won't be able to view the secret again after you close this window; if it is lost, delete the key and create a new one.

[Screenshot: User Authentication Credentials]
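The same policy-then-user procedure, scripted with the AWS CLI so it can be repeated per account and reviewed in version control. This is an added example, not Nanobox's tooling or anything from the AWS console walkthrough above. It assumes the aws CLI is installed and that the credentials it runs under can create IAM policies, users and access keys; the policy and user names (NanoboxDeploy, nanobox-deploy) are placeholders you can change. It runs in dry-run mode unless NANOBOX_IAM_APPLY=1 is set, and before creating the access key it uses iam simulate-principal-policy to confirm the new user can run instances but cannot touch IAM.

```shell
#!/usr/bin/env bash
# Added example (not Nanobox's code): create the Nanobox IAM policy and user
# with the AWS CLI. Assumes `aws` is installed and the caller has IAM admin
# rights. Dry run by default; set NANOBOX_IAM_APPLY=1 to apply changes.
set -eu

POLICY_NAME="${NANOBOX_POLICY_NAME:-NanoboxDeploy}"   # placeholder name
USER_NAME="${NANOBOX_USER_NAME:-nanobox-deploy}"      # placeholder name

# The policy document from the article, emitted verbatim.
nanobox_policy_document() {
  cat <<'EOF'
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeSecurityGroups",
                "ec2:CreateSecurityGroup",
                "ec2:DescribeSubnets",
                "ec2:DescribeInstances",
                "ec2:RunInstances",
                "ec2:CreateTags",
                "ec2:RebootInstances",
                "ec2:TerminateInstances",
                "ec2:DescribeKeyPairs",
                "ec2:ImportKeyPair",
                "ec2:DeleteKeyPair",
                "ec2:AuthorizeSecurityGroupIngress",
                "ec2:AuthorizeSecurityGroupEgress"
            ],
            "Resource": [ "*" ]
        }
    ]
}
EOF
}

# Every action Nanobox needs; the document is checked against this list
# before anything touches the account.
NANOBOX_REQUIRED_ACTIONS="ec2:DescribeSecurityGroups ec2:CreateSecurityGroup
ec2:DescribeSubnets ec2:DescribeInstances ec2:RunInstances ec2:CreateTags
ec2:RebootInstances ec2:TerminateInstances ec2:DescribeKeyPairs
ec2:ImportKeyPair ec2:DeleteKeyPair ec2:AuthorizeSecurityGroupIngress
ec2:AuthorizeSecurityGroupEgress"

# Returns 0 when all required actions are present and no action outside the
# ec2 service is granted (a leaked deploy key must not reach IAM or STS).
check_policy_document() {
  doc="$(nanobox_policy_document)"
  for action in $NANOBOX_REQUIRED_ACTIONS; do
    printf '%s\n' "$doc" | grep -q "\"$action\"" \
      || { echo "policy is missing $action" >&2; return 1; }
  done
  # Any "service:Action" string that is not an ec2 action is a red flag.
  if printf '%s\n' "$doc" | grep -E '"[a-z0-9-]+:[A-Za-z*]+"' | grep -vq '"ec2:'; then
    echo "policy grants a non-EC2 action" >&2
    return 1
  fi
  return 0
}

# Create policy, user, attachment and (last) the access key. Prints the key
# pair once; the secret cannot be retrieved again, so store it immediately.
create_nanobox_user() {
  check_policy_document
  if [ "${NANOBOX_IAM_APPLY:-0}" != "1" ]; then
    echo "dry run: would create policy $POLICY_NAME and user $USER_NAME (set NANOBOX_IAM_APPLY=1 to apply)"
    return 0
  fi
  policy_arn="$(aws iam create-policy --policy-name "$POLICY_NAME" \
      --policy-document "$(nanobox_policy_document)" \
      --query 'Policy.Arn' --output text)"
  aws iam create-user --user-name "$USER_NAME" >/dev/null
  aws iam attach-user-policy --user-name "$USER_NAME" --policy-arn "$policy_arn"
  account="$(aws sts get-caller-identity --query Account --output text)"
  # Verify effective permissions before handing out a key: expect
  # ec2:RunInstances "allowed" and iam:CreateUser "implicitDeny".
  aws iam simulate-principal-policy \
      --policy-source-arn "arn:aws:iam::${account}:user/${USER_NAME}" \
      --action-names ec2:RunInstances ec2:TerminateInstances iam:CreateUser \
      --query 'EvaluationResults[].[EvalActionName,EvalDecision]' --output text
  aws iam create-access-key --user-name "$USER_NAME" \
      --query 'AccessKey.[AccessKeyId,SecretAccessKey]' --output text
}

create_nanobox_user
```

The access key is created last on purpose: if the attachment or the simulation fails, no credential exists yet. Paste the two printed values into the Nanobox provider form and do not keep them in your shell history.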

Add a New Provider Using Your AWS User Credentials

To use the AWS user with this specific set of permissions, add a new provider in your Nanobox dashboard. When prompted, enter the Access Key ID and Secret Access Key of the user you just created. Finish the provider setup process, and that's it! You'll be able to launch and manage apps on AWS using Nanobox, with a key that can do no more than the policy above allows.

Posted in AWS, security, Cloud Providers