Creating AWS Policy and AWS API Access Key

Register AWS Policy, create User and API Credentials


You need an existing or a new Amazon Web Services (AWS) account or an existing or a new AWS GovCloud (US) account. For more information, refer to the AWS documentation:

Kublr also support other AWS partitions, such as AWS CN (China), AWS Top Secret region, etc.


To deploy a cluster in your AWS account with Kublr, you need to create an AWS policy and AWS API Access Key. All cluster resources (e.g. nodes) are created in your AWS account through the AWS API and will be managed by Kublr.

Use your AWS root account credential to sign in to the AWS Management Console or AWS GovCloud (US) Management Console. If you have previously signed into the console with your IAM user credentials, your browser may open the IAM user sign-in page. To avoid this, choose sign in using your root account credentials link to access the AWS account sign-in page.

Create an AWS Security Policy for Kublr’s API Access

  1. IAM console: choose Policies in the navigation column on the left.
  2. At the top of the page, choose Create Policy. Create Policy
  3. On the Create Policy page select JSON tab.
  4. In the Policy Document section, enter this policy profile Create Your Own Policy
  5. Click Review Policy.
  6. Enter the Policy Name.
  7. Click Create Policy to generate the policy.

Policy should be created. Create Your Own Policy

Create AWS User with Programmatic Access

  1. Choose Users in the navigation column on the left.
  2. At the top of the page, select Add User Add User
  3. Enter your username and select Programmatic Access.
  4. Click Next Permissions.
  5. Select Attach Existing Policy Directly Attach Existing Policy
  6. Select the policy you generated. Select the policy
  7. Click Next Review.
  8. Click Create User. Select the policy
  9. Copy Access Key ID and click Show to copy Secret access key. Or Download it. Note: This is the only time you can copy Secret access key for this Access Key ID.
  10. Click Close button. User is presented in the list.

Create a new AWS Access Key for existing user

  1. On the top right of the console, click on your account name or number. Then choose My Security Credentials.
  2. IAM console: choose Users in the navigation column on the left.
  3. Select User name in the list and clcik it.
  4. Open Security Credentials tab.
  5. Choose Create New Access Key. Create New Access Key Create New Access Key Success