Security
When you build systems on AWS infrastructure, security responsibilities are shared
between you and AWS. This shared model
Multiple users and access control
You can create multiple API keys, each with a different name, and provide them to separate groups. To share the browser application with a colleague, provide the browser application URL, core endpoint URL, and an API key.
Important
If an API key is stolen or lost, create a new API key and delete the previous one. Send the updated API key, by the method of your preference, to all users who require access. All users will have to update the key in the browser application. This solution’s browser application prompts the user to update the endpoint and key if the previously used settings are unable to access the back end.
Installation permissions
The CloudFormation templates provided for solution installation require permissions to create and configure several different types of cloud resources. The user launching the CloudFormation templates must have permissions to create the resources defined in the templates. CloudFormation will assume that user's permissions temporarily during installation to complete the steps.
There are several options for the user installing the templates to have the correct permissions:
- A user with AdministratorAccess role attached.
- A user that belongs to the installationGroup created by the IAM template.
- Using the root user if no other options are available.
Important
Using the root user is generally discouraged. For details, refer to AWS account root user in the IAM User Guide.
IAM resources
The solution’s IAM template installs a group with an inline policy that has permissions
sufficient to install all the templates of the solution. The IAM group is named
<stackname>-installationGroup-<ID>.
If your organization has strict requirements about the AdministratorAccess managed policy,
add the users who will be installing the solution to this group.
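One way to carry out this step with the AWS CLI, as an added example that is not part of the solution's own code: because the group name ends in a generated ID, the script looks the group up by its <stackname>-installationGroup- prefix, refuses to continue unless exactly one group matches, and confirms the membership afterwards. The function names and the stack and user names in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not the solution's own code).
# Usage, with placeholder names:  add_installer my-stack alice

# Print the name of the installation group that the IAM template created
# for the given stack. Fails unless exactly one group matches the
# <stackname>-installationGroup-<ID> pattern.
find_installation_group() {
  local stack names name found count
  stack="$1"
  found=""
  count=0
  names=$(aws iam list-groups --query 'Groups[].GroupName' --output text) || return 1
  # IAM group names cannot contain whitespace, so word splitting is safe here.
  for name in $names; do
    case "$name" in
      "$stack"-installationGroup-?*)
        found="$name"
        count=$((count + 1))
        ;;
    esac
  done
  if [ "$count" -ne 1 ]; then
    echo "expected one installation group for stack '$stack', found $count" >&2
    return 1
  fi
  printf '%s\n' "$found"
}

# Add an existing IAM user to the stack's installation group, then verify
# that the user is listed as a member of that group.
add_installer() {
  local stack user group
  stack="$1"
  user="$2"
  group=$(find_installation_group "$stack") || return 1
  aws iam add-user-to-group --group-name "$group" --user-name "$user" || return 1
  aws iam get-group --group-name "$group" --query 'Users[].UserName' --output text \
    | tr '\t' '\n' | grep -Fxq "$user"
}
```

Run it with credentials that are allowed to list groups and change group membership in the account.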