AWS CloudFormation YAML template

EnsureDR Prerequisites

 

In this document, you will learn how to use the AWS CloudFormation YAML template to create a user and a group, and to attach all necessary policies to the group, in order to start using EnsureDR for AWS DRS.

YAML template file

 

The AWS CloudFormation YAML template, crafted to automate the procedure of applying essential permissions for users and groups, can be downloaded from:

https://ensuredrtemplate.s3.amazonaws.com/EnsureDR_Template.yaml

Parameters:
  Account:
    Type: String
    Default: EnsureDRuser
    Description: 'Enter a name for your EnsureDR account or leave the default name.'
  Group:
    Type: String
    Default: EnsureDRgroup
    Description: 'Enter a name for the group or leave the default name.'

Resources:
  EnsureDRUser:
    Type: 'AWS::IAM::User'
    Properties:
      UserName: !Sub '${Account}'
      Groups:
        - !Ref EnsureDRGroup

  EnsureDRGroup:
    Type: 'AWS::IAM::Group'
    Properties:
      GroupName: !Sub '${Group}'
      Path: '/'
      ManagedPolicyArns: # list of ARNs of IAM managed policies that you want to attach to the group
        - arn:aws:iam::aws:policy/AmazonEC2FullAccess
        - arn:aws:iam::aws:policy/AmazonS3FullAccess
        - arn:aws:iam::aws:policy/service-role/AWSElasticDisasterRecoveryFailbackPolicy
        - arn:aws:iam::aws:policy/service-role/AWSElasticDisasterRecoveryConversionServerPolicy
        - arn:aws:iam::aws:policy/service-role/AWSElasticDisasterRecoveryAgentPolicy
        - arn:aws:iam::aws:policy/AWSElasticDisasterRecoveryConsoleFullAccess
        - arn:aws:iam::aws:policy/service-role/AWSElasticDisasterRecoveryRecoveryInstancePolicy
        - arn:aws:iam::aws:policy/service-role/AWSElasticDisasterRecoveryReplicationServerPolicy
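
Because the stack is launched from a remote URL and creates named IAM principals, it is useful to list what the template attaches before submitting it. The following is an added example, not part of EnsureDR's template or documentation: a line-based heuristic scan (not a YAML parser) run over a constructed excerpt of the template above. The function name `review_template` and the name-based "broad" pattern are assumptions made for this example.

```python
import re

# Constructed excerpt of the Resources section shown above (policy list shortened).
SAMPLE = """\
Resources:
  EnsureDRUser:
    Type: 'AWS::IAM::User'
    Properties:
      UserName: !Sub '${Account}'
  EnsureDRGroup:
    Type: 'AWS::IAM::Group'
    Properties:
      GroupName: !Sub '${Group}'
      ManagedPolicyArns: # policies attached to the group
        - arn:aws:iam::aws:policy/AmazonEC2FullAccess
        - arn:aws:iam::aws:policy/AmazonS3FullAccess
        - arn:aws:iam::aws:policy/service-role/AWSElasticDisasterRecoveryAgentPolicy
"""

TYPE_RE = re.compile(r"Type:\s*['\"]?(AWS::IAM::\w+)")
ARN_RE = re.compile(r"-\s*['\"]?(arn:aws:iam::(?:aws|\d{12}):policy/[\w+=,.@/-]+)")
NAME_RE = re.compile(r"(UserName|GroupName|RoleName|ManagedPolicyName|InstanceProfileName)\s*:")
BROAD_RE = re.compile(r"(FullAccess|AdministratorAccess|PowerUserAccess)$")


def review_template(text):
    """Line-based heuristic scan (not a YAML parser) of a CloudFormation template."""
    report = {"iam_resources": [], "policies": [], "broad": [], "capability": None}
    custom_names = False
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].strip()  # drop trailing YAML comments
        if m := TYPE_RE.match(line):
            report["iam_resources"].append(m.group(1))
        elif m := ARN_RE.match(line):
            name = m.group(1).rsplit("/", 1)[-1]
            report["policies"].append(name)
            if BROAD_RE.search(name):  # flagged by name only, an assumption
                report["broad"].append(name)
        elif NAME_RE.match(line):
            custom_names = True
    if report["iam_resources"]:
        # Custom names map to the "custom names" acknowledgement in the console.
        report["capability"] = "CAPABILITY_NAMED_IAM" if custom_names else "CAPABILITY_IAM"
    return report


if __name__ == "__main__":
    for key, value in review_template(SAMPLE).items():
        print(f"{key}: {value}")
```

Run against the full downloaded template, the same name-based pattern also reports AWSElasticDisasterRecoveryConsoleFullAccess.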

 

Creating an EnsureDR Cloud User through YAML in the CloudFormation Console

 

EnsureDR Cloud has created a YAML script that can be executed within the AWS CloudFormation console to streamline the user creation process and permission configuration. This eliminates the need for manual configuration and simplifies the overall process. Please navigate to the AWS CloudFormation Console - Create stack page.

Note: If you haven't signed in to AWS before accessing the CloudFormation console, you will be required to go through an authorization process. This may result in a different startup page appearing in your situation.

In Step 1, keep the default selection as displayed and enter the Amazon S3 URL provided here:

https://ensuredrtemplate.s3.amazonaws.com/EnsureDR_Template.yaml

 Once the URL has been added, click "Next" to proceed with the next step of the process.


In Step 2, Specify stack details, follow the instructions below:

  • Assign a name to your stack.
  • Specify a name for your EnsureDR Cloud account or leave it as the default name.
  • Provide a name for the group or leave it as the default name.

Once you have entered the required details, click Next to proceed.


In Step 3, Configure stack options, scroll to the bottom of the page.

To proceed to the next step, click Next.


In Step 4, Review Test, once you have reviewed the stack details, scroll down to the bottom of the page.

To proceed with the stack creation, ensure that you have selected the checkbox that reads "I acknowledge that AWS CloudFormation might create IAM resources with custom names." This option can be found at the bottom of the page and needs to be selected before clicking Submit.


To monitor the progress of the stack creation process, you can click refresh (indicated by a red square in the image) to receive updates from the AWS CloudFormation console.


Upon the successful completion of the process, you can verify the status by checking the AWS CloudFormation console output, which will be displayed similar to the example shown below.

 

Create access and secret keys

 

After successfully implementing the YAML template, the next step is to create an access key and secret key for the newly created user in AWS IAM, which will be required while creating a job in the EnsureDR Cloud web console.

 

After opening the AWS IAM Console, navigate to the left pane and click Users. From there, select the user you created from the list that appears in the right pane.


In the user details page of the AWS IAM Console, navigate to the Security credentials tab, scroll down to the section Access keys and click on the Create access key button.


After clicking Create access key, a new window will appear. Select Command Line Interface (CLI), then at the bottom of the page select the checkbox “I understand the above recommendation and want to proceed to create an access key”, and click Next.


Click Create access key. Setting a description tag is optional.


From there, you can download the access and secret keys as a CSV file by clicking Download .csv file. Finally, click Done to exit the window.


All the necessary prerequisites to start using EnsureDR Cloud have been completed. It is important to save the downloaded file containing the access and secret keys in a secure location or copy the data into a password manager for future use.