{"_id":"55d3b647f77e6d0d00b1b28b","user":"55c50f4a7c199a2f00665cbf","category":{"_id":"55d3b645f77e6d0d00b1b27c","__v":4,"pages":["55d3b647f77e6d0d00b1b286","55d3b647f77e6d0d00b1b287","55d3b647f77e6d0d00b1b288","55d3b647f77e6d0d00b1b289","55d3b647f77e6d0d00b1b28a","55d3b647f77e6d0d00b1b28b","55d3b647f77e6d0d00b1b28c","55d3b647f77e6d0d00b1b28d","55d3b647f77e6d0d00b1b28e","55d3b647f77e6d0d00b1b28f","55d3b647f77e6d0d00b1b290","55d3b647f77e6d0d00b1b291","562ea6c53b2af20d006ad03d","56312e4024014b0d00bd9a48","564e4d122b223c2b00496a27"],"project":"55c505b41469ad2500fa2ab7","version":"55d3b644f77e6d0d00b1b273","sync":{"url":"","isSync":false},"reference":false,"createdAt":"2015-08-10T18:45:23.276Z","from_sync":false,"order":9,"slug":"integration-guides","title":"Integration Guides"},"version":{"_id":"55d3b644f77e6d0d00b1b273","project":"55c505b41469ad2500fa2ab7","__v":6,"createdAt":"2015-08-18T22:48:36.632Z","releaseDate":"2015-08-18T22:48:36.632Z","categories":["55d3b645f77e6d0d00b1b274","55d3b645f77e6d0d00b1b275","55d3b645f77e6d0d00b1b276","55d3b645f77e6d0d00b1b277","55d3b645f77e6d0d00b1b278","55d3b645f77e6d0d00b1b279","55d3b645f77e6d0d00b1b27a","55d3b645f77e6d0d00b1b27b","55d3b645f77e6d0d00b1b27c","55d3b645f77e6d0d00b1b27d","55d7c2939510f00d007ec6fe","56fac9925df15a20002972a2","56fb2f7668e1d30e00a0b672","583498d411e8af2500f6b334","58e52a180ab7b03b00f4a97a"],"is_deprecated":false,"is_hidden":false,"is_beta":true,"is_stable":true,"codename":"","version_clean":"1.1.0","version":"1.1"},"project":"55c505b41469ad2500fa2ab7","parentDoc":null,"__v":18,"updates":[],"next":{"pages":[],"description":""},"createdAt":"2015-08-10T20:08:57.680Z","link_external":false,"link_url":"","githubsync":"","sync_unique":"","hidden":false,"api":{"results":{"codes":[]},"settings":"","auth":"required","params":[],"url":""},"isReference":false,"order":5,"body":"This guide will help you create an IAM user in your AWS account, attach a policy with right privileges  and generate a keypair for Neptune. With a right set of privileges, Neptune will then be able read your cloudwatch alarms, or take appropriate AWS API actions. You will always be able to delete the IAM user, or change your policy settings in your AWS console to restrict access for Neptune.\n\n## Step 1: In your integrations page, click \"Add key pair\" for AWS CloudWatch.\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/n0bzc3qeTzCgvJ46Qqpy_awsGetStarted.png\",\n        \"awsGetStarted.png\",\n        \"1613\",\n        \"1034\",\n        \"#a71b68\",\n        \"\"\n      ],\n      \"caption\": \"CloudWatch Integration\"\n    }\n  ]\n}\n[/block]\n## Step 2: As per the instructions, please run a script to generate an IAM keypair automatically\n\nThe script requires that you have AWS CLI installed, and that you have right privileges to create an IAM user to attach a policy. The above script will :\n\n1. Create an IAM user called 'NeptuneioUser'\n2. Attached a policy \n3. Create an IAM keypair for the newly created user\n\n* You can always change the policy details later in your AWS console for the created IAM user\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/mRzs8AJ0RNKAV81lIpFA_shellCmdOutput.png\",\n        \"shellCmdOutput.png\",\n        \"932\",\n        \"322\",\n        \"#a13d14\",\n        \"\"\n      ],\n      \"caption\": \"Get AWS IAM Keys\"\n    }\n  ]\n}\n[/block]\n\n[block:callout]\n{\n  \"type\": \"info\",\n  \"title\": \"Manual steps to create IAM user and keys\",\n  \"body\": \"In  case you have trouble running the above script, please refer to Step 4 below to manually create an IAM user, attach a policy and get keypairs for that user\"\n}\n[/block]\n## Step 3: Copy the key pair into the AWS integration form, by giving a good key pair name ( e.g : NeptuneioKeys)\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/wKTAccTCTSGempMi3ziK_addAWSKeyPair.png\",\n        \"addAWSKeyPair.png\",\n        \"807\",\n        \"281\",\n        \"#a32269\",\n        \"\"\n      ],\n      \"caption\": \"Add AWS Keys\"\n    }\n  ]\n}\n[/block]\n## Step 4 : (Optional) Manual steps to create an IAM user, attach policy and get a keypair\n\n1. Navigate to your [IAM console](https://console.aws.amazon.com/iam/home#users) and click create IAM user\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/OTFbW57DShC6rfP4xQiL_iamCreateNewUser.png\",\n        \"iamCreateNewUser.png\",\n        \"505\",\n        \"283\",\n        \"#4884cf\",\n        \"\"\n      ]\n    }\n  ]\n}\n[/block]\n2. Add \"NeptuneioUser\" and generate an access key for the newly created user\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/aa7LOyxDR7yO1wJfT4Qt_iamGenerateKeys.png\",\n        \"iamGenerateKeys.png\",\n        \"1041\",\n        \"496\",\n        \"#3b7dc4\",\n        \"\"\n      ]\n    }\n  ]\n}\n[/block]\n3. Click \"show security credentials\"\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/swfOorQPSBmf9OchrHCM_iamShowCredentials.png\",\n        \"iamShowCredentials.png\",\n        \"621\",\n        \"174\",\n        \"#44916e\",\n        \"\"\n      ]\n    }\n  ]\n}\n[/block]\n4. Copy access key and secret key to clip board. Also save the key pair in a safe location for future use\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/83zHWthaSuynlmuQyUhY_iamCopyCredentials.png\",\n        \"iamCopyCredentials.png\",\n        \"619\",\n        \"285\",\n        \"#789444\",\n        \"\"\n      ]\n    }\n  ]\n}\n[/block]\n5. Paste the copied access key and secret key into the AWS integration form by giving a good keypair name ( e.g : NeptuneioKeys )\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/vklSUrMFTCSCKZU2O4lI_addAWSKeyPair.png\",\n        \"addAWSKeyPair.png\",\n        \"807\",\n        \"281\",\n        \"#9c2169\",\n        \"\"\n      ]\n    }\n  ]\n}\n[/block]\n6. Now go back to your [AWS IAM console](https://console.aws.amazon.com/iam/home#users), click \"NeptuneioUser\" and then \"Create User Policy\" in the permission tab, to attach a permission policy\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/SlxOskPmRJebMBZpelQw_iamAttachPolicy1.png\",\n        \"iamAttachPolicy1.png\",\n        \"1059\",\n        \"557\",\n        \"#a74837\",\n        \"\"\n      ]\n    }\n  ]\n}\n[/block]\n\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/alcfKzeRS4OUSSWHTuzL_iamAttachPolicy2.png\",\n        \"iamAttachPolicy2.png\",\n        \"1200\",\n        \"313\",\n        \"#34618e\",\n        \"\"\n      ]\n    }\n  ]\n}\n[/block]\n7. Click \"Custom Policy\" to attach a specific Policy\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/DpropokRImBKdVKvYMgW_iamCustomPolicySelect.png\",\n        \"iamCustomPolicySelect.png\",\n        \"1118\",\n        \"259\",\n        \"#5f8abd\",\n        \"\"\n      ]\n    }\n  ]\n}\n[/block]\n8. Copy the following JSON in the window and give it a good name like \"NeptuneioUserPolicy\" (Modify JSON as you feel appropriate for Neptuneio access\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"{\\n  \\\"Version\\\": \\\"2012-10-17\\\",\\n  \\\"Statement\\\": [\\n    {\\n    \\\"Sid\\\": \\\"Stmt1399947803958\\\",\\n    \\\"Action\\\": [\\n      \\\"ec2:DescribeInstances\\\",\\n      \\\"ec2:DescribeTags\\\",\\n      \\\"ec2:RebootInstances\\\",\\n      \\\"ec2:RunInstances\\\",\\n      \\\"ec2:StartInstances\\\",\\n      \\\"ec2:StopInstances\\\",\\n      \\\"ec2:TerminateInstances\\\"\\n    ],\\n    \\\"Effect\\\": \\\"Allow\\\",\\n    \\\"Resource\\\": \\\"*\\\"\\n  },\\n  {\\n    \\\"Sid\\\": \\\"Stmt1399947834277\\\",\\n    \\\"Action\\\": [\\n      \\\"cloudwatch:DescribeAlarms\\\",\\n      \\\"cloudwatch:DescribeAlarmsForMetric\\\",\\n      \\\"cloudwatch:DeleteAlarms\\\",\\n      \\\"cloudwatch:ListMetrics\\\",\\n      \\\"cloudwatch:PutMetricAlarm\\\",\\n      \\\"cloudwatch:PutMetricData\\\",\\n      \\\"cloudwatch:GetMetricStatistics\\\",\\n      \\\"cloudwatch:SetAlarmState\\\"\\n    ],\\n    \\\"Effect\\\": \\\"Allow\\\",\\n    \\\"Resource\\\": \\\"*\\\"\\n  },\\n  {\\n    \\\"Sid\\\": \\\"Stmt1399947461414\\\",\\n    \\\"Action\\\": [\\n      \\\"iam:GetUser\\\"\\n    ],\\n    \\\"Effect\\\": \\\"Allow\\\",\\n    \\\"Resource\\\": \\\"*\\\"\\n  },\\n  {\\n    \\\"Sid\\\": \\\"Stmt1399947503000\\\",\\n    \\\"Action\\\": \\\"sqs:*\\\",\\n    \\\"Effect\\\": \\\"Allow\\\",\\n    \\\"Resource\\\": \\\"*\\\"\\n  },\\n  {\\n    \\\"Sid\\\": \\\"Stmt1399923365747\\\",\\n    \\\"Action\\\":[\\n      \\\"autoscaling:DescribeAutoScalingGroups\\\",\\n      \\\"autoscaling:DescribeAutoScalingInstances\\\",\\n      \\\"autoscaling:DescribeTags\\\"\\n    ],\\n    \\\"Effect\\\": \\\"Allow\\\",\\n    \\\"Resource\\\": \\\"*\\\"\\n  },\\n  {\\n    \\\"Sid\\\": \\\"Stmt1399947665747\\\",\\n    \\\"Action\\\" :[\\n      \\\"opsworks:CreateInstance\\\",\\n      \\\"opsworks:DeleteInstance\\\",\\n      \\\"opsworks:DescribeApps\\\",\\n      \\\"opsworks:DescribeInstances\\\",\\n      \\\"opsworks:DescribeStacks\\\",\\n      \\\"opsworks:RebootInstance\\\",\\n      \\\"opsworks:StartInstance\\\",\\n      \\\"opsworks:StartStack\\\",\\n      \\\"opsworks:StopInstance\\\",\\n      \\\"opsworks:StopStack\\\"\\n    ],\\n    \\\"Effect\\\": \\\"Allow\\\",\\n    \\\"Resource\\\": \\\"*\\\"\\n  },\\n  {\\n      \\\"Sid\\\": \\\"Stmt1411960116195\\\",\\n      \\\"Action\\\": [\\n        \\\"dynamodb:DescribeTable\\\",\\n        \\\"dynamodb:ListTables\\\",\\n        \\\"dynamodb:UpdateTable\\\"\\n      ],\\n      \\\"Effect\\\": \\\"Allow\\\",\\n      \\\"Resource\\\": \\\"*\\\"\\n    },\\n    {\\n      \\\"Sid\\\": \\\"Stmt12834324195\\\",\\n      \\\"Action\\\": [\\n        \\\"route53:CreateHealthCheck\\\",\\n        \\\"route53:DeleteHealthCheck\\\",\\n        \\\"route53:GetHealthCheck\\\",\\n        \\\"route53:GetHealthCheckStatus\\\",\\n        \\\"route53:ListHealthChecks\\\",\\n        \\\"route53:UpdateHealthCheck\\\"\\n      ],\\n      \\\"Effect\\\": \\\"Allow\\\",\\n      \\\"Resource\\\": \\\"*\\\"\\n    }\\n  ]\\n}\",\n      \"language\": \"json\"\n    }\n  ]\n}\n[/block]\n9. After applying policy your final screen should look like this\n\nNote: You can edit the policy JSON to restrict NeptuneioUser for read-only access to AWS EC2 if you plan to run scripts only and not take REST api actions like Start/Stop/Terminate/Reboot instance.\n[block:image]\n{\n  \"images\": [\n    {\n      \"image\": [\n        \"https://files.readme.io/VzjcGnwiRqCbCoYCglPk_iamNeptuneioUserFinalState.png\",\n        \"iamNeptuneioUserFinalState.png\",\n        \"890\",\n        \"699\",\n        \"#924644\",\n        \"\"\n      ]\n    }\n  ]\n}\n[/block]\n\n[block:callout]\n{\n  \"type\": \"success\",\n  \"title\": \"That's it! You have integrated Neptune.io with your AWS account\",\n  \"body\": \"Please store the IAM key pair for future reference. As always you can recycle IAM keypairs in your AWS account for better security. You can go back to integrations page in Neptuneio and update the newly generated keypairs\"\n}\n[/block]","excerpt":"","slug":"aws-integration","type":"basic","title":"AWS"}
This guide will help you create an IAM user in your AWS account, attach a policy with right privileges and generate a keypair for Neptune. With a right set of privileges, Neptune will then be able read your cloudwatch alarms, or take appropriate AWS API actions. You will always be able to delete the IAM user, or change your policy settings in your AWS console to restrict access for Neptune. ## Step 1: In your integrations page, click "Add key pair" for AWS CloudWatch. [block:image] { "images": [ { "image": [ "https://files.readme.io/n0bzc3qeTzCgvJ46Qqpy_awsGetStarted.png", "awsGetStarted.png", "1613", "1034", "#a71b68", "" ], "caption": "CloudWatch Integration" } ] } [/block] ## Step 2: As per the instructions, please run a script to generate an IAM keypair automatically The script requires that you have AWS CLI installed, and that you have right privileges to create an IAM user to attach a policy. The above script will : 1. Create an IAM user called 'NeptuneioUser' 2. Attached a policy 3. Create an IAM keypair for the newly created user * You can always change the policy details later in your AWS console for the created IAM user [block:image] { "images": [ { "image": [ "https://files.readme.io/mRzs8AJ0RNKAV81lIpFA_shellCmdOutput.png", "shellCmdOutput.png", "932", "322", "#a13d14", "" ], "caption": "Get AWS IAM Keys" } ] } [/block] [block:callout] { "type": "info", "title": "Manual steps to create IAM user and keys", "body": "In case you have trouble running the above script, please refer to Step 4 below to manually create an IAM user, attach a policy and get keypairs for that user" } [/block] ## Step 3: Copy the key pair into the AWS integration form, by giving a good key pair name ( e.g : NeptuneioKeys) [block:image] { "images": [ { "image": [ "https://files.readme.io/wKTAccTCTSGempMi3ziK_addAWSKeyPair.png", "addAWSKeyPair.png", "807", "281", "#a32269", "" ], "caption": "Add AWS Keys" } ] } [/block] ## Step 4 : (Optional) Manual steps to create an IAM user, attach policy and get a keypair 1. Navigate to your [IAM console](https://console.aws.amazon.com/iam/home#users) and click create IAM user [block:image] { "images": [ { "image": [ "https://files.readme.io/OTFbW57DShC6rfP4xQiL_iamCreateNewUser.png", "iamCreateNewUser.png", "505", "283", "#4884cf", "" ] } ] } [/block] 2. Add "NeptuneioUser" and generate an access key for the newly created user [block:image] { "images": [ { "image": [ "https://files.readme.io/aa7LOyxDR7yO1wJfT4Qt_iamGenerateKeys.png", "iamGenerateKeys.png", "1041", "496", "#3b7dc4", "" ] } ] } [/block] 3. Click "show security credentials" [block:image] { "images": [ { "image": [ "https://files.readme.io/swfOorQPSBmf9OchrHCM_iamShowCredentials.png", "iamShowCredentials.png", "621", "174", "#44916e", "" ] } ] } [/block] 4. Copy access key and secret key to clip board. Also save the key pair in a safe location for future use [block:image] { "images": [ { "image": [ "https://files.readme.io/83zHWthaSuynlmuQyUhY_iamCopyCredentials.png", "iamCopyCredentials.png", "619", "285", "#789444", "" ] } ] } [/block] 5. Paste the copied access key and secret key into the AWS integration form by giving a good keypair name ( e.g : NeptuneioKeys ) [block:image] { "images": [ { "image": [ "https://files.readme.io/vklSUrMFTCSCKZU2O4lI_addAWSKeyPair.png", "addAWSKeyPair.png", "807", "281", "#9c2169", "" ] } ] } [/block] 6. Now go back to your [AWS IAM console](https://console.aws.amazon.com/iam/home#users), click "NeptuneioUser" and then "Create User Policy" in the permission tab, to attach a permission policy [block:image] { "images": [ { "image": [ "https://files.readme.io/SlxOskPmRJebMBZpelQw_iamAttachPolicy1.png", "iamAttachPolicy1.png", "1059", "557", "#a74837", "" ] } ] } [/block] [block:image] { "images": [ { "image": [ "https://files.readme.io/alcfKzeRS4OUSSWHTuzL_iamAttachPolicy2.png", "iamAttachPolicy2.png", "1200", "313", "#34618e", "" ] } ] } [/block] 7. Click "Custom Policy" to attach a specific Policy [block:image] { "images": [ { "image": [ "https://files.readme.io/DpropokRImBKdVKvYMgW_iamCustomPolicySelect.png", "iamCustomPolicySelect.png", "1118", "259", "#5f8abd", "" ] } ] } [/block] 8. Copy the following JSON in the window and give it a good name like "NeptuneioUserPolicy" (Modify JSON as you feel appropriate for Neptuneio access [block:code] { "codes": [ { "code": "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"Stmt1399947803958\",\n \"Action\": [\n \"ec2:DescribeInstances\",\n \"ec2:DescribeTags\",\n \"ec2:RebootInstances\",\n \"ec2:RunInstances\",\n \"ec2:StartInstances\",\n \"ec2:StopInstances\",\n \"ec2:TerminateInstances\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"Stmt1399947834277\",\n \"Action\": [\n \"cloudwatch:DescribeAlarms\",\n \"cloudwatch:DescribeAlarmsForMetric\",\n \"cloudwatch:DeleteAlarms\",\n \"cloudwatch:ListMetrics\",\n \"cloudwatch:PutMetricAlarm\",\n \"cloudwatch:PutMetricData\",\n \"cloudwatch:GetMetricStatistics\",\n \"cloudwatch:SetAlarmState\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"Stmt1399947461414\",\n \"Action\": [\n \"iam:GetUser\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"Stmt1399947503000\",\n \"Action\": \"sqs:*\",\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"Stmt1399923365747\",\n \"Action\":[\n \"autoscaling:DescribeAutoScalingGroups\",\n \"autoscaling:DescribeAutoScalingInstances\",\n \"autoscaling:DescribeTags\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"Stmt1399947665747\",\n \"Action\" :[\n \"opsworks:CreateInstance\",\n \"opsworks:DeleteInstance\",\n \"opsworks:DescribeApps\",\n \"opsworks:DescribeInstances\",\n \"opsworks:DescribeStacks\",\n \"opsworks:RebootInstance\",\n \"opsworks:StartInstance\",\n \"opsworks:StartStack\",\n \"opsworks:StopInstance\",\n \"opsworks:StopStack\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"Stmt1411960116195\",\n \"Action\": [\n \"dynamodb:DescribeTable\",\n \"dynamodb:ListTables\",\n \"dynamodb:UpdateTable\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"Stmt12834324195\",\n \"Action\": [\n \"route53:CreateHealthCheck\",\n \"route53:DeleteHealthCheck\",\n \"route53:GetHealthCheck\",\n \"route53:GetHealthCheckStatus\",\n \"route53:ListHealthChecks\",\n \"route53:UpdateHealthCheck\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}", "language": "json" } ] } [/block] 9. After applying policy your final screen should look like this Note: You can edit the policy JSON to restrict NeptuneioUser for read-only access to AWS EC2 if you plan to run scripts only and not take REST api actions like Start/Stop/Terminate/Reboot instance. [block:image] { "images": [ { "image": [ "https://files.readme.io/VzjcGnwiRqCbCoYCglPk_iamNeptuneioUserFinalState.png", "iamNeptuneioUserFinalState.png", "890", "699", "#924644", "" ] } ] } [/block] [block:callout] { "type": "success", "title": "That's it! You have integrated Neptune.io with your AWS account", "body": "Please store the IAM key pair for future reference. As always you can recycle IAM keypairs in your AWS account for better security. You can go back to integrations page in Neptuneio and update the newly generated keypairs" } [/block]