Getting started with AWS

Amazon Web Services (AWS) is a secure cloud services platform, offering compute power, database storage, content delivery and other functionality to help businesses scale and grow.

If you are unfamiliar with AWS, the following Amazon resources are recommended to get you started:


Linx-AWS integration

When integrating Linx and AWS the following must be set up and maintained:

What?

Where?

Key Area

Action

On AWS console

On Linx

1
AWS Account

Create an AWS account


AWS console


 

2
AWS Users

Create an AWS user


AWS console
– IAM *


Linx Application Designer -
IAM plugin *

Create authentication credentials (access key)
Set user permissions

3
Linx Solutions

Create a Linx Solution  


Linx Application Designer

- Add a Function  


Linx Application Designer
- AWS plugin

       - Connect to the AWS service  


Linx Application Designer
- AWS plugin

       - Perform specific actions related to the AWS service
          (e.g. upload a file, etc) 		 


Linx Application Designer
- AWS plugin

Deploy the Solution to Linx Application Server  


Linx Application Designer /
Linx Application Server

Start the relevant service Event  


Linx Application Server

* IAM user management can be done on either the AWS console or via Linx. However, the first user must be created directly in IAM on the AWS console, while subsequent users can be created and maintained via Linx.


Managing key areas of the Linx-AWS integration


1. Create an AWS Account

Go to AWS

Provide the required personal or business details, and payment details.


2. Manage AWS users

When an AWS account is created, a default root user is also created as part of the process.

The default root user can:

  • create and maintain other sub-users
  • set user permissions in relation to users’ access to AWS resources and services (e.g. IAM, S3, EC2, etc)
  • create and maintain user groups to make it easier to manage permissions for a collection of users, rather than having to manage permissions for each individual user separately
  • enable MFA (multi-factor authentication) for a user, which is additional authentication requirements of a user (e.g. authentication through single-use tokens, phone authentication, etc)

Best practice is for the default root user to create another user directly on IAM (AWS console). The newly created user will then have access and permissions to:

  • create and maintain subsequent AWS users via the IAM plugin on Linx
  • create solutions in Linx that will integrate to AWS services


What is AWS IAM?

AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and set permissions to allow or deny them access to AWS resources.

Amazon resources:

Introduction

Manage Users

Manage Permissions


Creating a new user on IAM (AWS console)

Please refer to Amazon documentation and the AWS console for details on how to create a new IAM user.


How to create a new user on IAM via Linx Designer

Creating a new user is a process that involves the following:


1. Create a user

Steps:

  1. Create a new Linx Solution (or open an existing Solution)

  2. Add the Amazon IAM plugin to the Solution

  3. From the Amazon IAM plugin, drag the CreateUser function to the design canvas

  4. Enter the details of the Properties associated with the CreateUser function:

  1. AWS Credentials:
    These are the details of an existing user with the necessary access credentials and permissions to create a new user. Details to provide include:
    - Key : The public key of the existing user, generated when the access key pair was created
    - KeySecret : The private (secret) key of the existing user, generated when the access key pair was created
    - RegionEndpoint : The Amazon region associated with the user
    - UserAccountNumber : The account number of the AWS account to which the existing and new user have access
    - UserName : The username of the existing user that is creating the new user
  2. Details of the new user:
    This is for the user being created:
    - User name


2. Create an Access Key for a user

Steps:

  1. From the Amazon IAM plugin, drag the CreateAccessKey function to the design canvas

  2. Enter the details of the Properties associated with the CreateAccessKey function:

    a. AWS Credentials of the user performing this function

    b. Username of the user for whom an access key is being created

Note:

  • There are three ways in which permissions can be assigned to a user:

    a. By adding the user to a group

    b. By copying permissions from an existing user

    c. By attaching existing policies directly to the user

  • The remaining steps in this section will describe the best-practice method, which is the first option: adding a user to a group.


3. Create a Group

Steps:

  1. From the Amazon IAM plugin, drag the CreateGroup function to the design canvas

  2. Enter the details of the Properties associated with the CreateGroup function:

    a. AWS Credentials of the user performing this function

    b. Group name of the group that is being created


4. Attach a Permission Policy to a Group

Steps:

  1. From the Amazon IAM plugin, drag the AttachGroupPolicy function to the design canvas

  2. Enter the details of the Properties associated with the AttachGroupPolicy function:

    a. AWS Credentials of the user performing this function

    b. Group name of the group to which the policy is being attached

    c. Policy ARN – the ARN of the policy you want to attach. (Policy ARN’s can be viewed on the AWS console, or can be retrieved by using the ListPolicies function within Linx Designer.)


5. Add a User to a Group

Steps:

  1. From the Amazon IAM plugin, add the AddUserToGroup function to the design canvas

  2. Enter the details of the Properties associated with the AddUserToGroup function:

    a. AWS Credentials of the user performing this function

    b. User name of the user being added to a group

    c. Group name of the group to which the user is being added


3. Create a Linx Solution

Generic steps:

  1. Create a Solution

  2. Add the Amazon plugin for the applicable AWS service (e.g. S3) to the solution

Steps for integrating to a specific AWS service:

  1. Add a Function from the Plugin that is associated with the relevant AWS service, e.g. PutBucket (from the S3 plugin)

  2. Enter the details of the associated Properties:

    a. AWS Credentials of the user performing the function

    b. Properties specific to the Function, e.g. the Bucket Name property for the PutBucket function (S3)


For more details on working with specific AWS plugins, refer to these sections:

CloudTrail | EC2 | KMS | RDS | S3 | SNS | SQS | VPC