Create an AWS policy and AWS API Access Key
Register AWS Policy, create User and API Credentials
Prerequisites
You need an existing or a new Amazon Web Services (AWS) account or an existing or a new AWS GovCloud (US) account.
For more information, refer to the AWS documentation:
Kublr also support other AWS partitions, such as AWS CN (China), AWS Top Secret region, etc.
Overview
To deploy a cluster in your AWS account with Kublr, you need to create an AWS policy and AWS API Access Key. All cluster resources (e.g. nodes) are created in your AWS account through the AWS API and will be managed by Kublr.
Use your AWS root account credential to sign in to the AWS Management Console
or AWS GovCloud (US) Management Console.
If you have previously signed into the console with your IAM user credentials, your browser may open the IAM user
sign-in page.
To avoid this, choose sign in using your root account credentials link to access the AWS account sign-in page.
Create an AWS Security Policy for Kublr’s API Access
- IAM console: choose Policies in the navigation column on the left.
- At the top of the page, choose Create Policy.

- On the Create Policy page select JSON tab.
- In the Policy Document section, enter this policy profile

- Click Review Policy.
- Enter the Policy Name.
- Click Create Policy to generate the policy.
Policy should be created.

Create AWS User with Programmatic Access
- Choose Users in the navigation column on the left.
- At the top of the page, select Add User

- Enter your username and select Programmatic Access.
- Click Next Permissions.
- Select Attach Existing Policy Directly

- Select the policy you generated.

- Click Next Review.
- Click Create User.

- Copy Access Key ID and click Show to copy Secret access key. Or Download it.
Note: This is the only time you can copy Secret access key for this Access Key ID.
- Click Close button. User is presented in the list.
Create a new AWS Access Key for existing user
- On the top right of the console, click on your account name or number. Then choose My Security Credentials.
- IAM console: choose Users in the navigation column on the left.
- Select User name in the list and clcik it.
- Open Security Credentials tab.
- Choose Create New Access Key.
