Manage an AWS Account

IaSQL requires AWS credentials to manage the resources within an AWS account via an IAM user with Programmatic Access. IAM users can be created through the console/UI or CLI. Ensure that the IAM role has sufficient permissions to deploy and manage the infrastructure resources you are interested in. AdministratorAccess provides full access to deploy and manage all types of resources. ReadOnlyAccess access provides access to inspect all of the different kinds of existing resources but does not modify them or create new ones. The former provides full IaSQL support, while the latter only provides access to SELECT statements, and INSERT/UPDATE/DELETE statements will fail. Read more about IaSQL transactions here.

For standard AWS credentials there are two parts to each access key, which you’ll see in the IAM console/CLI after you create it, an id and a secret. It is possible to generate temporary credentials with a limited lifespan, in which case you also have a session token that must be provided.

View existing AWS CLI credentials

The AWS CLI creates a plaintext credentials file on your machine that contains the AWS access keys that the CLI has access to. The file is named credentials and is located inside the .aws/ directory in your home directory.

$ cat ~/.aws/credentials

[default]
aws_access_key_id = <YOUR_ACCESS_KEY_ID>
aws_secret_access_key = <YOUR_SECRET_ACCESS_KEY>

Add the necessary cloud services to the PostgreSQL database

Connect to your database and use the iasql_install IaSQL PostgreSQL function which is already loaded into your database to install different modules and start managing different parts of your cloud account. Many different clients can be used to connect to a PostgreSQL database.

note

To see the available modules use the modules_list function which will return a virtual table

SELECT
  *
FROM
  iasql_install ('aws_iam', 'aws_cloudwatch', 'aws_ecr', 'aws_ecs_fargate', 'aws_elb', 'aws_security_group', 'aws_vpc');