How do I collect from Amazon Web Services (AWS)?

To collect from Amazon Web Services (AWS), Nanitor needs access through a user with sufficient privileges.

To create such a user, log in to your admin AWS account and go to the IAM dashboard: https://console.aws.amazon.com/iam/home

Go to Users and click Add User. Input a suitable user name and select access type Programmatic access. Click Next.

To follow good security practice, grant the user's permissions through a user group rather than attaching them to the user directly. Create a new group to hold the required privileges: click Create group.

Choose an appropriate name for your group and grant it two policies, IAMReadOnlyAccess and AmazonS3ReadOnlyAccess. Click Create group. After the group has been created, you should be able to see it in your groups menu. There should be two attached policies. Ensure that the group is selected. Click Next.

Adding tags is not necessary for our purposes; you can leave this screen empty and click Next.

Review that all the information you entered is correct and click Create user. 

Find the credentials for the user you just created. They should be present in the final step of the creation process. Grab the Access key ID and Secret access key.

Add the user credentials to your local environment. Place the credentials in the following file:

su - nanitor
mkdir -p ~/.aws
vim ~/.aws/credentials

It should have the following format:

[nanitor-test]
aws_access_key_id = AKIASHKBF3GIIXF3CPGB
aws_secret_access_key = **********************
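
Before registering the credential, it is worth confirming that the file contains the profile the collector will be pointed at and that only its owner can read it. The following is an added example, not part of the Nanitor tooling: check_aws_profile is a hypothetical helper, and the owner-only permission check is a hardening assumption rather than a documented Nanitor requirement.

```shell
#!/bin/sh
# Added example: pre-flight check for the profile that credential_add will reference.
# check_aws_profile is a hypothetical helper, not part of nanitor-collector-ctl.
# Return codes: 0 ok, 1 file missing, 2 readable/writable by group or others,
#               3 profile section missing, 4 access key ID or secret missing.
check_aws_profile() {
    file=$1
    profile=$2
    [ -f "$file" ] || return 1

    # Characters 5-10 of the ls mode string are the group and other bits.
    # Assumption (hardening, not a stated Nanitor requirement): owner-only access.
    perms=$(ls -ld "$file" | cut -c5-10)
    [ "$perms" = "------" ] || return 2

    # Walk the INI file; only keys inside [profile] count.
    awk -v want="[$profile]" '
        /^[ \t]*\[/ {
            gsub(/[ \t]/, "")
            insec = ($0 == want)
            if (insec) found = 1
            next
        }
        insec && /^[ \t]*aws_access_key_id[ \t]*=[ \t]*[^ \t]/     { id = 1 }
        insec && /^[ \t]*aws_secret_access_key[ \t]*=[ \t]*[^ \t]/ { secret = 1 }
        END {
            if (!found) exit 3
            if (!(id && secret)) exit 4
            exit 0
        }
    ' "$file"
}

# Demo on a constructed file with placeholder values (not real keys).
demo() {
    tmp=$(mktemp) || return 0
    printf '%s\n' '[nanitor-test]' \
        'aws_access_key_id = AKIA-CONSTRUCTED-PLACEHOLDER' \
        'aws_secret_access_key = constructed-placeholder' > "$tmp"
    for mode in 644 600; do
        chmod "$mode" "$tmp"
        rc=0
        check_aws_profile "$tmp" nanitor-test || rc=$?
        echo "mode $mode -> exit $rc"
    done
    rm -f "$tmp"
}
demo
```

On the collector host, the same function can be run as the nanitor user against ~/.aws/credentials with the profile name nanitor-test; exit code 2 means the file mode should be tightened to 600.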

Create a credential for Amazon Web Services

Add a credential of type 'aws', entering the name of the user you created (the profile name used in ~/.aws/credentials) and the region you wish to access:

/usr/lib/nanitor-collector/bin/nanitor-collector-ctl credential_add --title nanaws-cred --access_method aws --aws_profile_name nanitor-test --aws_region us-east-1

After the credential has been created successfully, you can add the Amazon Web Services cloud itself:

/usr/lib/nanitor-collector/bin/nanitor-collector-ctl cloud_add --title nanaws-dev --cloud_type aws --credential_title nanaws-cred

After the cloud device has been added successfully, it should be available in the Nanitor UI.