Account Permissions

Setting up AWS permissions for the Streamlio Cloud

To set up the Streamlio Cloud you must first grant Streamlio permission to access an AWS account in which it will create and manage compute and VPC resources. Streamlio can use either a cross-account role or access keys. This topic describes how to configure Streamlio to use either method. For both methods you configure settings in both the AWS Console and the Streamlio Account Console.

Important

  • Although both roles and access keys are supported, Streamlio strongly recommends that you use a cross-account role to enable access to your AWS account.

  • You can change the AWS account. However, changing the AWS account causes cluster termination, VPC deletion, and the invalidation of any IAM roles you have set up.

  • Changes to the AWS account or to the type and configuration of AWS permissions can result in a downtime of 2-10 minutes.

Using a Cross-Account Role

Please contact us at info@streaml.io for more information on how to enable cross-account access.

Using Access Keys

This section describes how to configure access to an AWS account using access keys.

Step 1: Create an access policy and a user with access keys

  1. In the AWS Console, go to the IAM service.

  2. Click the Policies tab in the sidebar.

  3. Click on Create Policy.

  • In the policy editor, click on the JSON tab.

  • When you sign up for our managed service, you will receive a copy of our latest AWS security policy for your team to review. In order to provide the managed service, Streamlio will require permission to create, update, and delete certain AWS resources such as Load Balancers, VPCs, etc.

  • Paste the AWS access policy into the editor:

  • Click Review Policy.

  • In the Name field, enter a policy name such as “Streamlio-managed”

  • Click Create Policy.

  1. Click the user tab in the sidebar

  2. Click Add User.

4. Click the user tab in the sidebar.

5. Click Add User.

a. Enter a user name such as "test-user"

b. For Access Type, select both Programmatic Access and AWS Management Console Access

c. Click Next Permissions.

d. Select Attach existing policies directly.

e. In the Policy type filter, select Customer managed.

f. Select the checkbox next to the policy you created earlier from the JSON content.

g. Click Next Review.

h. Click Create user.

6. Click download.csv, which downloads a CSV file containing the access key ID and secret access key you need for Step 2.

7. Click Close.

8. Email a password-protected copy of the downloaded CSV file to Streamlio.

_____ Copyright 2019 Streamlio, Inc. Apache, Apache BookKeeper, Apache Pulsar and associated open source project names are trademarks of the Apache Software Foundation.