AWS Access Keys

AWS Access Keys enable programmatic access to Amazon Web Services. Datablast uses these credentials to connect to AWS resources like S3, RDS, or Lambda. Follow the steps below to create secure IAM user credentials.

---

1. AWS Prerequisites

AWS Account Setup

1. Sign in to the AWS Management Console at console.aws.amazon.com
2. Ensure you have IAM permissions to create users and manage access keys
3. Identify which AWS services Datablast needs to access (e.g., S3, RDS, Lambda)

---

2. Create an IAM User

Step-by-Step Process

1. Navigate to IAM Service
   • In the AWS Console search bar, type “IAM” and select the service
   • Click Users in the left sidebar

2. Add New User
   • Click Add users button (top right)
   • Enter a username (e.g., datablast-integration)
   • Under Select AWS access type, check Programmatic access

3. Set Permissions
   • Choose Attach policies directly
   • Select appropriate policies based on your needs:

   • AmazonS3ReadOnlyAccess - for S3 bucket access
   • AmazonRDSReadOnlyAccess - for database connections
   • Custom policies - for specific resource access

4. Review and Create
   • Click Next through the steps
   • Review the configuration
   • Click Create user

---

3. Generate Access Keys

Download Credentials

1. View Credentials Screen
   After user creation, you’ll see the Access key ID and Secret access key

2. Save Credentials Securely
   • Important: The Secret access key is shown only once
   • Click Download .csv to save both keys
   • Or copy each key individually to a secure location

⚠️ Security Warning: Never share these credentials or store them in version control. The Secret access key cannot be recovered if lost.

---

4. Configure Datablast Connection

Connection Fields

Field	Description
Connection Name	Friendly name for this AWS connection
Access Key ID	The AWS Access Key ID from step 3
Secret Access Key	The AWS Secret Access Key from step 3
Region (optional)	AWS region for resource access (e.g., us-east-1)
Description	Optional notes about this connection’s purpose

Example Configuration

Connection Name: AWS Production
Access Key ID: AKIAIOSFODNN7EXAMPLE
Secret Access Key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Region: us-east-1
Description: Production AWS resources access

---

5. Security Best Practices

Key Management

• Principle of Least Privilege: Only grant necessary permissions
• Regular Rotation: Rotate access keys every 90 days
• Multiple Keys: Create separate keys for different applications
• Monitor Usage: Use AWS CloudTrail to track key usage

Never Do This

• ❌ Use root account credentials
• ❌ Hard-code keys in applications
• ❌ Share keys via email or chat
• ❌ Store keys in public repositories

Do This Instead

• ✅ Create dedicated IAM users
• ✅ Use environment variables or secure vaults
• ✅ Implement key rotation policies
• ✅ Monitor access logs regularly

---

6. Troubleshooting

Access Denied Errors

• Verify the IAM user has required permissions
• Check if the resource is in the correct AWS region
• Ensure the access key is active (not disabled)

Invalid Credentials

• Confirm the Access Key ID and Secret Access Key are correct
• Check if the keys have expired or been rotated
• Verify no extra spaces or characters in the credentials

Connection Timeouts

• Verify network connectivity to AWS
• Check if IP restrictions are configured in IAM
• Ensure the AWS service is available in your region

---

7. Key Rotation Process

When rotating keys:

1. Create New Keys - Generate new access keys for the user
2. Update Datablast - Replace old credentials with new ones
3. Test Connection - Verify the new keys work correctly
4. Delete Old Keys - Remove the previous access keys from AWS

---

Useful Links

• AWS IAM User Creation Guide
• AWS Access Keys Documentation
• AWS IAM Best Practices

Remember to treat AWS access keys like passwords—keep them secure and rotate them regularly.