25.2.3.8. Configure IAM Setup

Summary

This topic covers the configuration steps required for setting up IAM for clustered JBoss EAP 6 instances. The S3_PING protocol uses an S3 bucket to discover other cluster members. JGroups version 3.0.x requires Amazon AWS account access and secret keys to authenticate against the S3 service.

Because S3 domain controller discovery makes use of an S3 bucket, it requires Amazon AWS account access and secret keys to authenticate against the S3 service (similar to the S3_PING protocol used by JGroups). The IAM user and S3 bucket used for S3 discovery must be different from the IAM user and S3 bucket used for clustering.

Entering your main account credentials in the user-data field, or storing them online or in an AMI, is a security risk. To avoid this, use the Amazon IAM feature to create a separate account that is granted access to only a single S3 bucket.

Procedure 25.11. Configure IAM Setup

  1. Go to the IAM tab in the AWS console.
  2. Click on Users.
  3. Select Create New Users.
  4. Choose a name, and ensure the Generate an access key for each User option is checked.
  5. Select Download credentials, and save them in a secure location.
  6. Close the window.
  7. Click on the newly created user.
  8. Make note of the User ARN value. This value is required to set up the S3 bucket, documented here: Section 25.2.3.10, “Configure S3 Bucket Setup”.

Result

The IAM user account has been successfully created.
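
The two constraints stated above (each IAM user limited to a single S3 bucket, and the discovery user and bucket distinct from the clustering ones) can be checked before credentials are placed in user-data. The following is an added example, not part of the original guide; it assumes the permissions are available as standard IAM policy JSON, and all user names, bucket names and actions are constructed.

```python
S3_PREFIX = "arn:aws:s3:::"

def as_list(value):
    return value if isinstance(value, list) else [value]

def allowed_buckets(policy):
    """Bucket names reachable through Allow statements; '*' marks any broader grant."""
    buckets = set()
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotResource" in stmt:
            buckets.add("*")  # everything except the listed ARNs: not a single bucket
        for arn in as_list(stmt.get("Resource", [])):
            if not arn.startswith(S3_PREFIX):
                buckets.add("*")  # bare "*" or a non-S3 ARN
                continue
            name = arn[len(S3_PREFIX):].split("/", 1)[0]
            buckets.add("*" if (not name or "*" in name or "?" in name) else name)
    return buckets

def audit(clustering, discovery):
    """Each argument is {"user": str, "policy": dict}; returns a list of findings."""
    findings, scopes = [], {}
    for role, entry in (("clustering", clustering), ("discovery", discovery)):
        scopes[role] = allowed_buckets(entry["policy"])
        if "*" in scopes[role] or len(scopes[role]) != 1:
            findings.append(f"{role}: user {entry['user']} is not limited to one "
                            f"bucket: {sorted(scopes[role])}")
    if clustering["user"] == discovery["user"]:
        findings.append("clustering and discovery use the same IAM user")
    shared = (scopes["clustering"] & scopes["discovery"]) - {"*"}
    if shared:
        findings.append(f"clustering and discovery share bucket(s): {sorted(shared)}")
    return findings

def policy_for(*resources):
    # Constructed sample policy; the action list is illustrative only.
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:ListBucket", "s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
        "Resource": list(resources)}]}

# Constructed inputs: hypothetical user and bucket names.
GOOD_CLUSTER = {"user": "eap-cluster-ping", "policy": policy_for(
    "arn:aws:s3:::example-eap-cluster", "arn:aws:s3:::example-eap-cluster/*")}
GOOD_DISCOVERY = {"user": "eap-dc-discovery", "policy": policy_for(
    "arn:aws:s3:::example-eap-discovery", "arn:aws:s3:::example-eap-discovery/*")}
BAD_DISCOVERY = {"user": "eap-cluster-ping", "policy": policy_for("arn:aws:s3:::*")}

if __name__ == "__main__":
    for finding in audit(GOOD_CLUSTER, BAD_DISCOVERY):
        print(finding)
```

An empty list from `audit` means both users are scoped to one bucket each and nothing is shared between clustering and discovery.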