Create Credentials

This guide will help you to create your Amazon Web Services (AWS) credentials for Qovery. Those credentials will be used to create a Kubernetes cluster, a dedicated VPC and a few services on your AWS account. Refer to our Infrastructure page to learn more about the infrastructure created by Qovery.

Before you begin, this page assumes the following:

• You have an AWS account

Generate AWS credentials

1. Connect to your AWS console

2. Go to IAM

   

3. Create Admins group without any permissions

   The default name required by Qovery is Admins. If you want to use another name, you have to change the cluster advanced settings aws.iam.admin_group BEFORE launching the cluster installation process

   

4. Create one IAM user called qovery.

   

5. Setup IAM permissions to the qovery user.

   Download IAM permissions JSON

   ---

   Or copy it from below:

   {
       "Version": "2012-10-17",
       "Statement": [
           {
               "Effect": "Allow",
               "Action": [
                   "iam:*",
                   "s3:ListAllMyBuckets",
                   "cloudwatch:*",
                   "autoscaling:*",
                   "application-autoscaling:*",
                   "elasticloadbalancing:*",
                   "organizations:DescribeAccount",
                   "organizations:DescribeOrganization",
                   "organizations:DescribeOrganizationalUnit",
                   "organizations:DescribePolicy",
                   "organizations:ListChildren",
                   "organizations:ListParents",
                   "organizations:ListPoliciesForTarget",
                   "organizations:ListRoots",
                   "organizations:ListPolicies",
                   "organizations:ListTargetsForPolicy",
                   "dynamodb:*",
                   "ecr:*",
                   "ec2:*",
                   "elasticache:*",
                   "cloudtrail:LookupEvents",
                   "kms:DescribeKey",
                   "kms:ListAliases",
                   "dynamodb:*",
                   "tag:GetResources",
                   "rds:*",
                   "ecs:*",
                   "eks:*",
                   "logs:*",
                   "events:DescribeRule",
                   "events:DeleteRule",
                   "events:ListRuleNamesByTarget",
                   "events:ListTargetsByRule",
                   "events:PutRule",
                   "events:PutTargets",
                   "es:AddTags",
                   "es:RemoveTags",
                   "es:ListTags",
                   "es:DeleteElasticsearchDomain",
                   "es:DescribeElasticsearchDomain",
                   "es:CreateElasticsearchDomain",
                   "events:RemoveTargets",
                   "kms:*",
                   "events:TagResource",
                   "events:ListTagsForResource"
               ],
               "Resource": "*"
           },
           {
               "Action": [
                   "s3:*",
                   "sqs:*"
               ],
               "Effect": "Allow",
               "Resource": [
                   "arn:aws:s3:::qovery*",
                   "arn:aws:s3:::qovery*/*",
                   "arn:aws:sqs:*:*:qovery*",
                   "arn:aws:sqs:*:*:qovery*/*"
               ]
           }
       ]
   }

   Then, follow the arrows in AWS console to create AWS credentials with required IAM permissions:

   

6. To create an access key id and secret access key, go to the Security Credentials tab of the Qovery user and press Create access key

   

   You can now save the access key id and secret access key

   

How was it? Did this tutorial work?  Yes  No

Well done!! You now have your AWS access key id and secret access key and your permissions are setups; It is time to connect Qovery to your AWS account.

Install a new cluster on Qovery

You will be able to use the credentials you just generated when creating a cluster via the Qovery console. This cluster will be linked to your Qovery organization. Follow this documentation to create a new cluster on your organization.

Next steps

Now you can use your AWS account to deploy your applications on Qovery. You can also link other Cloud providers to your organization.