Setting Up Local Users - Amazon Snowball Edge Developer Guide

Setting Up Local Users

Following are steps to set up a local administrator on your Amazon Snowball Edge device.

  1. Retrieve your root user credentials

    Use the snowballEdge list-access-keys and snowballEdge get-secret-access-key commands to get your local credentials. For more information, see Getting Credentials.

  2. Configure the root user credential using aws configure

    Supply the Amazon Access Key ID, Amazon Secret Access Key, and Default region name. The region name must be snow. Optionally supply a Default output format. For more information about configuring the Amazon CLI, see Configuring the Amazon CLI in the Amazon Command Line Interface User Guide.

  3. Create one or more local users on your device

    Use the create-user command to add users to your device.

    aws iam create-user --endpoint endpointIPaddress:6078 --profile ProfileID --region snow --user-name UserName

    After you add users according to your business needs, you can store your Amazon root credentials in a safe location and only use them for account and service management tasks. For more information about creating IAM users, see Creating an IAM user in your Amazon Web Services account in the IAM User Guide.

  4. Create an access key for your user

    Warning

    This scenario requires IAM users with programmatic access and long-term credentials, which presents a security risk. To help mitigate this risk, we recommend that you provide these users with only the permissions they require to perform the task and that you remove these users when they are no longer needed. Access keys can be updated if necessary. For more information, see Updating access keys in the IAM User Guide.

    Use the create-access-key command to create an access key for your user.

    aws iam create-access-key --endpoint endpointIPaddress:6078 --profile ProfileID --region snow --user-name UserName

    Save the access key information to a file and distribute it to your users.

  5. Create an access policy

    You might want different users to have different levels of access to functionality on your device. The following example creates a policy document named s3-only-policy and attaches it to a user.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "s3:*",
          "Resource": "*"
        }
      ]
    }

    aws iam create-policy --endpoint endpointIPaddress:6078 --profile ProfileID --region snow --policy-name s3-only-policy --policy-document file://s3-only-policy

  6. Attach the policy to your user

    Use the attach-user-policy command to attach the s3-only-policy to a user.

    aws iam attach-user-policy --endpoint endpointIPaddress:6078 --profile ProfileID --region snow --user-name UserName --policy-arn arn:aws:iam::AccountID:policy/POLICYNAME
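
Steps 3 through 6 can be run as one script, shown here as an added example rather than code from the Snowball Edge guide. The helper names snow_iam and setup_local_user, the ENDPOINT and PROFILE variables, and the UserName.accesskey file name are assumptions made for this example. It writes the access key to an owner-only file and takes the policy ARN from the create-policy response.

```shell
#!/bin/sh
# Added example: steps 3-6 for one local user, run with the root profile.
# ENDPOINT and PROFILE default to the page's placeholders; set them for your device.
ENDPOINT="${ENDPOINT:-endpointIPaddress:6078}"
PROFILE="${PROFILE:-ProfileID}"

# Wrapper so every call targets the device's local IAM endpoint.
# --endpoint-url is the full name of the option the page writes as --endpoint.
snow_iam() {
    aws iam "$@" --endpoint-url "$ENDPOINT" --profile "$PROFILE" --region snow
}

# Usage: setup_local_user UserName [output-directory]
# Runs in a subshell so the umask and variables do not leak to the caller.
setup_local_user() (
    user="$1"
    outdir="${2:-.}"
    umask 077   # key and policy files are created readable by the owner only

    # Step 3: create the user.
    snow_iam create-user --user-name "$user" >/dev/null || exit

    # Step 4: create the access key and write it straight to a file,
    # so the secret is not echoed to the terminal.
    snow_iam create-access-key --user-name "$user" \
        --query 'AccessKey.[AccessKeyId,SecretAccessKey]' --output text \
        > "$outdir/$user.accesskey" || exit

    # Step 5: write the page's policy document and create the policy.
    # Taking the ARN from the response avoids assembling it by hand.
    cat > "$outdir/s3-only-policy" <<'EOF'
{ "Version": "2012-10-17",
  "Statement": [ { "Effect": "Allow", "Action": "s3:*", "Resource": "*" } ] }
EOF
    arn=$(snow_iam create-policy --policy-name s3-only-policy \
        --policy-document "file://$outdir/s3-only-policy" \
        --query 'Policy.Arn' --output text) || exit

    # Step 6: attach the policy to the user, then report the ARN used.
    snow_iam attach-user-policy --user-name "$user" --policy-arn "$arn" \
        >/dev/null || exit
    echo "$arn"
)

# Run only when called with arguments, e.g.: sh setup.sh UserName ./keys
if [ "$#" -gt 0 ]; then setup_local_user "$@"; fi
```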

For more information about using IAM locally, see Using IAM Locally.
