Registering an AWS Account in gopaddle gives gopaddle the AWS Account credentials it needs to provision and manage subnets, VPCs and AWS EKS clusters, and to push or pull Docker images to and from the ECR (Docker) Registry. Registering an AWS Account in gopaddle is a two-step process. First, an IAM User with the necessary access privileges needs to be created. This IAM User's credentials are then used to register the AWS Account in the gopaddle portal.

1. To register an AWS account, an IAM user with the following IAM policy and API access needs to be created in the AWS portal.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "ec2:DeleteSubnet",
                "ec2:DescribeInstances",
                "ec2:AttachInternetGateway",
                "ecr:DeleteRepository",
                "ec2:DeleteRouteTable",
                "ec2:AssociateRouteTable",
                "ec2:DescribeInternetGateways",
                "eks:DescribeNodegroup",
                "cloudformation:DescribeStackEvents",
                "autoscaling:DescribeAutoScalingGroups",
                "ec2:CreateRoute",
                "ec2:CreateInternetGateway",
                "iam:ListAttachedRolePolicies",
                "ec2:DescribeVolumes",
                "ec2:DeleteInternetGateway",
                "ec2:DescribeKeyPairs",
                "ec2:DescribeRouteTables",
                "ecr:BatchCheckLayerAvailability",
                "iam:GetRole",
                "eks:ListNodegroups",
                "ecr:CreateRepository",
                "ec2:CreateTags",
                "ecr:GetDownloadUrlForLayer",
                "ec2:DeleteNetworkInterface",
                "ec2:CreateRouteTable",
                "ecr:GetAuthorizationToken",
                "ec2:DetachInternetGateway",
                "ec2:DisassociateRouteTable",
                "ecr:PutImage",
                "cloudformation:DescribeStacks",
                "eks:DeleteCluster",
                "eks:DeleteNodegroup",
                "cloudformation:DeleteStack",
                "ecr:BatchGetImage",
                "eks:UpdateNodegroupConfig",
                "eks:DescribeCluster",
                "ec2:DeleteVpc",
                "eks:ListClusters",
                "ec2:CreateSubnet",
                "ec2:ModifySubnetAttribute",
                "ec2:DescribeSubnets",
                "ecr:InitiateLayerUpload",
                "ec2:DeleteTags",
                "ec2:CreateVpc",
                "ecr:UploadLayerPart",
                "iam:PassRole",
                "ec2:CreateSecurityGroup",
                "ecr:CompleteLayerUpload",
                "ec2:ModifyVpcAttribute",
                "eks:CreateCluster",
                "ec2:DetachNetworkInterface",
                "eks:UntagResource",
                "ec2:DescribeTags",
                "ec2:DeleteRoute",
                "iam:ListRoles",
                "eks:CreateNodegroup",
                "ec2:DescribeSecurityGroups",
                "iam:CreateServiceLinkedRole",
                "cloudformation:CreateStack",
                "ec2:DescribeVpcs",
                "ec2:DeleteSecurityGroup",
                "eks:TagResource",
                "sts:GetCallerIdentity"
            ],
            "Resource": "*"
        }
    ]
}

2. Once the IAM User is created, copy the Access Key and the Secret Key.
3. In the gopaddle portal, navigate to the Infrastructure option in the left panel and select Cloud Accounts.
4. Select AWS as the Cloud Account in the drop-down option and click Register.
5. Provide a name for the Cloud Account, then provide the Access Key and the Secret Key from step 2.
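
The policy in step 1 allows every action on `"Resource": "*"`. The following Python check is an added example, not part of the gopaddle documentation: it lists which of those actions fall into categories a reviewer usually looks at before handing out the access key. The category patterns and the abridged policy string are assumptions of this example.

```python
import json
from fnmatch import fnmatchcase

# Abridged copy of the policy above: same Effect and Resource, shorter Action list.
POLICY_JSON = """
{"Version": "2012-10-17",
 "Statement": [{
   "Sid": "VisualEditor0",
   "Effect": "Allow",
   "Action": ["ec2:DescribeInstances", "ec2:DeleteVpc", "eks:CreateCluster",
              "eks:DeleteCluster", "ecr:PutImage", "ecr:DeleteRepository",
              "cloudformation:DeleteStack", "iam:GetRole", "iam:PassRole",
              "iam:CreateServiceLinkedRole", "sts:GetCallerIdentity"],
   "Resource": "*"}]}
"""

# Assumption of this example: the action patterns worth a second look when they
# are allowed on every resource. Adjust to your own review rules.
REVIEW_PATTERNS = {
    "iam-delegation": ["iam:PassRole", "iam:Create*", "iam:Attach*", "iam:Put*"],
    "destructive": ["*:Delete*", "*:Detach*", "*:Disassociate*"],
}

def as_list(value):
    """IAM accepts a single string or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]

def review(policy_text):
    """Return {category: sorted actions} for Allow statements on Resource "*"."""
    findings = {name: set() for name in REVIEW_PATTERNS}
    findings["wildcard-action"] = set()
    for stmt in as_list(json.loads(policy_text)["Statement"]):
        if stmt.get("Effect") != "Allow" or "*" not in as_list(stmt.get("Resource", [])):
            continue
        for action in as_list(stmt.get("Action", [])):
            if "*" in action:  # e.g. "iam:*"; not expanded here, just reported
                findings["wildcard-action"].add(action)
            for name, patterns in REVIEW_PATTERNS.items():
                # IAM action names are case-insensitive, so compare lowercased.
                if any(fnmatchcase(action.lower(), p.lower()) for p in patterns):
                    findings[name].add(action)
    return {name: sorted(actions) for name, actions in findings.items()}

if __name__ == "__main__":
    for category, actions in review(POLICY_JSON).items():
        print(f"{category}: {', '.join(actions) or 'none'}")
```

To check the full policy, save the JSON from step 1 to a file and pass its contents to `review()`.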
