ModularSystems AWS Integration
Welcome to the ModularSystems AWS Integration. Today, I’ll be your guide in setting up role delegation. Role delegation allows you to delegate resource access to a third party. To do this, we will:
- Create a role with limited access
- Create an S3 bucket to store infrastructure state
- Connect your ModularSystems account to that role
First, I have one small ask. If you run into any questions or problems, please leave a comment below.
Create a Role
The ModularSystems AWS Integration requires a role, so let’s create it. The first step is to log in to AWS and navigate to IAM. Here, you’ll create a new role. Below is an example of what we’ll do. I’ll explain more after these GIFs:
- Create an “Another AWS Account” role with our account ID: 333773826469
- Check “Require external ID” and create a secret of your choosing. Treat this like a password.
- Select the policies to grant ModularSystems. Our example uses AdministratorAccess; however, see the section below for the policies you should assign.
- Name the role something that indicates what it’s for. We simply use modularSystems in the example.
- Click the created role, and copy the ARN for the Role
The ARN is the entire string. In the following example, the ARN is “arn:aws:iam::333773826469:role/modularSystems”:
Now, you’ve created the role you need from the AWS console.
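The console steps above produce a trust policy on the role that names our account as the principal and requires the external ID. The following is an added example, not ModularSystems code: it builds that policy and checks, offline, that a trust policy you have exported from IAM still carries both restrictions. The function names and the sample external ID are assumptions made for illustration.

```python
import json

MODULARSYSTEMS_ACCOUNT = "333773826469"  # account ID given in the steps above


def build_trust_policy(account_id, external_id):
    """Trust policy equivalent to "Another AWS account" + "Require external ID"."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy, expected_account):
    """Return findings for Allow statements that grant sts:AssumeRole."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        actions = _as_list(stmt.get("Action", []))
        grants = any(a in ("sts:AssumeRole", "sts:*", "*") for a in actions)
        if stmt.get("Effect") != "Allow" or not grants:
            continue
        principal = stmt.get("Principal", {})
        principals = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        for p in principals:
            # Accept the bare account ID or any ARN inside that account.
            in_account = p.startswith(f"arn:aws:iam::{expected_account}:")
            if p != expected_account and not in_account:
                findings.append(f"statement {i}: unexpected principal {p!r}")
        # Only the StringEquals operator is checked here (what the console writes).
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if not cond.get("sts:ExternalId"):
            findings.append(f"statement {i}: no sts:ExternalId condition")
    return findings


if __name__ == "__main__":
    # Constructed sample value; use your own secret in practice.
    policy = build_trust_policy(MODULARSYSTEMS_ACCOUNT, "constructed-external-id")
    print(json.dumps(policy, indent=2))
    print(audit_trust_policy(policy, MODULARSYSTEMS_ACCOUNT) or "trust policy OK")
```

An empty findings list means only the expected account can assume the role, and only when it presents the external ID.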
Configuring policies for the ModularSystems AWS Integration
Earlier, I mentioned a set of policies you can lock your role down to. Here are the five policies your role should have:
- AmazonEC2FullAccess lets us create EC2 resources. We use these to run Kubernetes on and for scaling.
- AmazonS3FullAccess allows us to store infrastructure state in S3. Your infrastructure and its state are yours if you decide we’re not for you.
- IAMFullAccess allows us to create the necessary IAM roles for Kubernetes.
- AmazonRoute53FullAccess allows Kubernetes to manage DNS records for you.
- AmazonVPCFullAccess is used for Kubernetes networking.
This should result in the following:
Setting up an S3 bucket
ModularSystems stores Terraform state in an S3 bucket that you own. This allows you to back up your infrastructure, and continue to use it if ModularSystems isn’t for you.
To create your bucket, go to the S3 service page in your AWS console.
Here, you can click on Create bucket, where you will enter the bucket name and region you prefer. Enabling Versioning is a good idea if you want point-in-time backups outside of the ModularSystems platform. Be sure to make this bucket private, as it will hold secrets that could compromise your infrastructure.
Now that you have the bucket created, you are ready to configure ModularSystems.
Configure the ModularSystems AWS Integration
The fun is almost over. Now that your role and S3 bucket are set up, we will log in to our ModularSystems account. Next, navigate to your account settings. Click on AWS under Integrations, where you’ll see the items we need to fill out:
Fill these out with what we’ve created during the course of this walkthrough. Click validate, and ensure that your settings are retained and that any errors that come up are resolved.
Thank you for reading our guide on setting up your ModularSystems account. Please let us know if you had any issues or questions with anything we covered. See you next time.