> ## Documentation Index
> Fetch the complete documentation index at: https://veryfront.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Amazon Web Services

> Integration with AWS services including S3, EC2, and Lambda

## At a glance

* **Availability**: Experimental ([how to enable](/cloud/integrations)).
* **Auth**: API key.
* **Connection**: Credentials come from the variables below.

## Credentials

Set these per environment. See [Connect an integration](/cloud/integrations).

| Variable                | Required | Description                 |
| ----------------------- | -------- | --------------------------- |
| `AWS_ACCESS_KEY_ID`     | Yes      | AWS Access Key ID           |
| `AWS_SECRET_ACCESS_KEY` | Yes      | AWS Secret Access Key       |
| `AWS_REGION`            | Yes      | AWS Region (e.g. us-east-1) |

## Setup

# AWS Integration Setup Guide ## Step 1: Create an IAM User 1. Log in to the [AWS Console](https://console.aws.amazon.com/) 2. Navigate to **IAM** (Identity and Access Management) 3. Click on **Users** in the left sidebar 4. Click **Add users** 5. Enter a username (e.g., `veryfront-integration`) 6. Select **Access key - Programmatic access** 7. Click **Next: Permissions** ## Step 2: Attach Permissions You can either: ### Option A: Create a Custom Policy (Recommended) 1. Click **Attach existing policies directly** 2. Click **Create policy** 3. Choose the **JSON** tab 4. Paste the following policy: `json &#123; "Version": "2012-10-17", "Statement": [ &#123; "Effect": "Allow", "Action": [ "s3:ListAllMyBuckets", "s3:ListBucket", "s3:GetObject", "ec2:DescribeInstances", "lambda:ListFunctions" ], "Resource": "*" &#125; ] &#125; ` 5. Click **Review policy** 6. Name it `VeryfrontAWSIntegration` 7. Click **Create policy** 8. Go back to the user creation tab and refresh the policy list 9. Search for and select `VeryfrontAWSIntegration` ### Option B: Use AWS Managed Policies Attach these managed policies: - `AmazonS3ReadOnlyAccess` - `AmazonEC2ReadOnlyAccess` - `AWSLambdaReadOnlyAccess` **Note:** Option B provides broader read access than Option A. ## Step 3: Complete User Creation 1. Click **Next: Tags** (optional) 2. Click **Next: Review** 3. Click **Create user** 4. **Important:** Save your credentials: - **Access Key ID** - **Secret Access Key** ⚠️ This is the only time you'll be able to see the Secret Access Key! ## Step 4: Configure Environment Variables 1. Copy the `.env.example` file to `.env.local` 2. Add your AWS credentials: `env AWS_ACCESS_KEY_ID=your_access_key_id_here AWS_SECRET_ACCESS_KEY=your_secret_access_key_here AWS_REGION=us-east-1 ` 3. Replace `your_access_key_id_here` and `your_secret_access_key_here` with your actual credentials 4. Update `AWS_REGION` to your preferred region (e.g., `us-west-2`, `eu-west-1`) ## Step 5: Install Dependencies Run the following command to install required AWS SDK packages: `bash npm install @aws-sdk/client-s3 @aws-sdk/client-ec2 @aws-sdk/client-lambda @aws-sdk/credential-providers ` ## Step 6: Test Your Integration You can test your integration by using any of the available tools: - `list-s3-buckets` - List all your S3 buckets - `list-s3-objects` - List objects in a specific bucket - `get-s3-object` - Retrieve an object from S3 - `list-ec2-instances` - List your EC2 instances - `list-lambda-functions` - List your Lambda functions ## Security Best Practices 1. **Never commit your `.env.local` file** - It's already in `.gitignore` 2. **Use the principle of least privilege** - Only grant permissions needed 3. **Rotate credentials regularly** - Update your access keys periodically 4. **Use different credentials for different environments** - Dev, staging, and production 5. **Consider using AWS IAM Roles** - For production environments, use IAM roles with EC2/ECS/Lambda ## Troubleshooting ### "Access Denied" Errors - Verify your IAM user has the correct permissions - Check that the region in your `.env.local` matches where your resources are located ### "Invalid Access Key" Errors - Double-check your `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` - Ensure there are no extra spaces or newlines in your credentials - Verify the IAM user is active and the access key hasn't been deleted ### Region Issues - Some resources are region-specific (EC2, Lambda) - S3 bucket listing is global, but object access respects bucket regions - Update `AWS_REGION` to match where your resources are located ## Additional Resources - [AWS IAM User Guide](https://docs.aws.amazon.com/IAM/latest/UserGuide/) - [AWS SDK for JavaScript v3](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/) - [AWS Security Best Practices](https://aws.amazon.com/security/best-practices/)

## Tools

| Tool                  | Access | Description                               |
| --------------------- | ------ | ----------------------------------------- |
| list-s3-buckets       | Read   | List all S3 buckets in your AWS account   |
| list-s3-objects       | Read   | List objects in a specific S3 bucket      |
| get-s3-object         | Read   | Get the contents of an object from S3     |
| list-ec2-instances    | Read   | List EC2 instances in your AWS account    |
| list-lambda-functions | Read   | List Lambda functions in your AWS account |
