This one-time procedure will establish credentials that CockroachDB uses for integrated S3 data operations. Once created, this IAM Key can be used across all your CockroachDB clusters and buckets managed by AWS S3.
- Existing AWS cloud account with admin privileges
-
Access keys in AWS allow applications to interact with AWS services that are provisioned by the account owner. These keys must be kept secret within your organization, in accordance to your security policies.
-
In AWS, only 2 keys are typically allowed in your named account. If you already have 2 keys established, then it's save to re-use these with CockroachDB, and this runbook procedure can be skipped.
-
Sign in to your AWS account: https://signin.aws.amazon.com
-
Navigate to your user-profile view, and select Security credentials
- Scroll down to Access keys and select Create access key
You may already have an existing key present that is used by other applications, projects, activities, or groups.
- Select Application running outside AWS and click Next
- Once the key is created, this is your only chance to save it for consumption.
Be sure to save the visible Access key ID and the hidden Secret access key.
Both of these IAM key parts will be used by CockroachDB to execute backup and restore operations.
For more details about managing access keys, see the Best practices for managing AWS access keys.