At a glance
- Availability: Experimental (how to enable).
- Auth: API key.
- Connection: Credentials come from the variables below.
Integration with AWS services including S3, EC2, and Lambda
veryfront-integration) 6. Select Access key - Programmatic access 7. Click Next: Permissions ## Step 2: Attach Permissions You can either: ### Option A: Create a Custom Policy (Recommended) 1. Click Attach existing policies directly 2. Click Create policy 3. Choose the JSON tab 4. Paste the following policy: json { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:ListAllMyBuckets", "s3:ListBucket", "s3:GetObject", "ec2:DescribeInstances", "lambda:ListFunctions" ], "Resource": "*" } ] } 5. Click Review policy 6. Name it VeryfrontAWSIntegration 7. Click Create policy 8. Go back to the user creation tab and refresh the policy list 9. Search for and select VeryfrontAWSIntegration ### Option B: Use AWS Managed Policies Attach these managed policies: - AmazonS3ReadOnlyAccess - AmazonEC2ReadOnlyAccess - AWSLambdaReadOnlyAccess Note: Option B provides broader read access than Option A. ## Step 3: Complete User Creation 1. Click Next: Tags (optional) 2. Click Next: Review 3. Click Create user 4. Important: Save your credentials: - Access Key ID - Secret Access Key ⚠️ This is the only time you’ll be able to see the Secret Access Key! ## Step 4: Configure Environment Variables 1. Copy the .env.example file to .env.local 2. Add your AWS credentials: env AWS_ACCESS_KEY_ID=your_access_key_id_here AWS_SECRET_ACCESS_KEY=your_secret_access_key_here AWS_REGION=us-east-1 3. Replace your_access_key_id_here and your_secret_access_key_here with your actual credentials 4. Update AWS_REGION to your preferred region (e.g., us-west-2, eu-west-1) ## Step 5: Install Dependencies Run the following command to install required AWS SDK packages: bash npm install @aws-sdk/client-s3 @aws-sdk/client-ec2 @aws-sdk/client-lambda @aws-sdk/credential-providers ## Step 6: Test Your Integration You can test your integration by using any of the available tools: - list-s3-buckets - List all your S3 buckets - list-s3-objects - List objects in a specific bucket - get-s3-object - Retrieve an object from S3 - list-ec2-instances - List your EC2 instances - list-lambda-functions - List your Lambda functions ## Security Best Practices 1. Never commit your .env.local file - It’s already in .gitignore 2. Use the principle of least privilege - Only grant permissions needed 3. Rotate credentials regularly - Update your access keys periodically 4. Use different credentials for different environments - Dev, staging, and production 5. Consider using AWS IAM Roles - For production environments, use IAM roles with EC2/ECS/Lambda ## Troubleshooting ### “Access Denied” Errors - Verify your IAM user has the correct permissions - Check that the region in your .env.local matches where your resources are located ### “Invalid Access Key” Errors - Double-check your AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY - Ensure there are no extra spaces or newlines in your credentials - Verify the IAM user is active and the access key hasn’t been deleted ### Region Issues - Some resources are region-specific (EC2, Lambda) - S3 bucket listing is global, but object access respects bucket regions - Update AWS_REGION to match where your resources are located ## Additional Resources - AWS IAM User Guide - AWS SDK for JavaScript v3 - AWS Security Best Practices