Manage an AWS Account
IaSQL requires AWS credentials to manage the resources within an AWS account via an IAM user with Programmatic Access. IAM users can be created through the console/UI or CLI. Ensure that the IAM role has sufficient permissions to deploy and manage the infrastructure resources you are interested in.
AdministratorAccess provides full access to deploy and manage all types of resources.
ReadOnlyAccess access provides access to inspect all of the different kinds of existing resources but does not modify them or create new ones. The former provides full IaSQL support, while the latter only provides access to
SELECT statements, and
INSERT/UPDATE/DELETE statements will fail. Read more about IaSQL transactions here.
For standard AWS credentials there are two parts to each access key, which you’ll see in the IAM console/CLI after you create it, an id and a secret. It is possible to generate temporary credentials with a limited lifespan, in which case you also have a session token that must be provided.
View existing AWS CLI credentials
The AWS CLI creates a plaintext credentials file on your machine that contains the AWS access keys that the CLI has access to. The file is named
credentials and is located inside the
.aws/ directory in your home directory.
$ cat ~/.aws/credentials
aws_access_key_id = <YOUR_ACCESS_KEY_ID>
aws_secret_access_key = <YOUR_SECRET_ACCESS_KEY>
Add the necessary cloud services to the PostgreSQL database
Connect to your database and use the
iasql_install IaSQL PostgreSQL function which is already loaded into your database to install different modules and start managing different parts of your cloud account. Many different clients can be used to connect to a PostgreSQL database.
To see the available modules use the
modules_list function which will return a virtual table
iasql_install ('aws_iam', 'aws_cloudwatch', 'aws_ecr', 'aws_ecs_fargate', 'aws_elb', 'aws_security_group', 'aws_vpc');