Least privileged permissions

AWS Widgets for Confluence requires only read-only permissions on AWS resources. We recommend that you create a separate user for this application.

You can create the user through the AWS console or with the script we provide.

Create a ReadOnly user with AWS console

From the main console screen, type in IAM and select the suggested link.

 

From the IAM dashboard, select the Users section and then the Add user button.

 

Enter the new username for your read-only user (AWS_Widgets_ReadOnly in this example), then select Programmatic access and AWS Management Console access. Then select Next: Permissions.

 

Select the Attach existing policies directly button, then use the search bar to find the ReadOnlyAccess policy. Select the check box beside that policy, then select Next: Review.

  • NOTE: It is imperative that you select the ReadOnlyAccess policy and set the right permissions. Otherwise you will grant too much control to the new user.

 

Select Create user.

On this screen, you will need to share the following credentials with your new user: the access key ID, the secret access key (select the show option), and the password (select the show option).

 

You can also download the keys with the Download .csv button.
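
To confirm that the user ended up with ReadOnlyAccess and nothing else, as the NOTE above requires, the following check can be run from a shell. It is an added example, not the script shipped with AWS Widgets for Confluence; the function name and finding labels are hypothetical, and it assumes the AWS CLI is installed and configured with credentials that can read IAM.

```bash
#!/usr/bin/env bash
# Added example (not the vendor's script). Audits the user created above.
# Assumes the AWS CLI is installed and configured with IAM read access.
# Usage: source this file, then run: audit_readonly_user AWS_Widgets_ReadOnly

READONLY_ARN="arn:aws:iam::aws:policy/ReadOnlyAccess"

# Prints one finding per line. Returns 0 only when ReadOnlyAccess is the
# user's sole source of permissions, 1 on findings, 2 if a CLI call fails.
audit_readonly_user() {
  local user attached inline grps item found_ro findings
  user="$1"; found_ro=no; findings=0

  attached=$(aws iam list-attached-user-policies --user-name "$user" \
    --query 'AttachedPolicies[].PolicyArn' --output text) || return 2
  inline=$(aws iam list-user-policies --user-name "$user" \
    --query 'PolicyNames[]' --output text) || return 2
  grps=$(aws iam list-groups-for-user --user-name "$user" \
    --query 'Groups[].GroupName' --output text) || return 2

  for item in $attached; do
    case "$item" in
      None) ;;                          # CLI text output for "no value"
      "$READONLY_ARN") found_ro=yes ;;
      *) echo "EXTRA_MANAGED_POLICY $item"; findings=$((findings + 1)) ;;
    esac
  done
  if [ "$found_ro" = no ]; then
    echo "MISSING_POLICY $READONLY_ARN"; findings=$((findings + 1))
  fi
  # Inline policies and group memberships add rights the attach step never shows.
  for item in $inline; do
    [ "$item" = None ] && continue
    echo "INLINE_POLICY $item"; findings=$((findings + 1))
  done
  for item in $grps; do
    [ "$item" = None ] && continue
    echo "GROUP_MEMBERSHIP $item"; findings=$((findings + 1))
  done
  [ "$findings" -eq 0 ]
}
```

An empty result with exit status 0 means ReadOnlyAccess is the only policy on the user; any printed line names a policy or group to remove.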