AWS
Use the integration to execute AWS API calls in Fylamynt workflows.
Last updated
Use the integration to execute AWS API calls in Fylamynt workflows.
Last updated
AWS API calls are notoriously hard to read, understand and use. Our goal is to help users connect individual API calls as a node in Fylamynt workflows.
The integration between Fylamynt and AWS lets you:
Use any AWS services through a drop-down list
Use all available operations against the selected service
Navigate to Settings > Cloud Services > AWS
Under AWS Target Accounts, click "Add New" to configure Fylamynt integration with your AWS account.
There are two steps needed to integrate Fylamynt with your AWS account.
In your AWS account, create an IAM role that allows Fylamynt to assume a role.
In Fylamynt, provide the ARN to that IAM role and give it a name.
We will cover three possible ways to create an AWS IAM role with assume role permissions. Fylamynt provides two scrips, one for Terraform and one for Python, to create the role. It's also possible to use the AWS console directly to create the role. You only need to use one of these options, or, if you're comfortable with some other tool (AWS CLI, for example) feel free to use that.
Both the Terraform template and the python script require you to have an AWS access key and AWS access secret for your AWS account.
If you are already using Terraform to provision your AWS account, this convenience script will help create a role with the correct permissions to allow Fylamynt to invoke AWS actions inside your account on your behalf.
Install prerequisites
The Python script assumes you have a working AWS account and have set up an access key.
Install Boto3 The boto3 python package provides programmatic access to the AWS API. https://boto3.amazonaws.com/v1/documentation/api/latest/index.html
In a shell, use pip to install boto3:
Download the Fylamynt python script zip file.
Extract the zip file.
Change into the extracted directory
Edit a policy document.
There are two policy JSON documents provided in the zip file. "custom_policy.json" provides full access to several services AWS account, and read_only_policy.json gives read-only access to a set of services. Feel free to edit those as you see fit.
Execute the script
You will need:
Fylamynt Account ID (from the right side of the setup page).
Fylamynt External ID (from the right side of the setup page).
AWS Account Key (from your AWS account)
AWS Account Secret (from your AWS account)
The policy JSON file you'd like to use.
If it ran correctly, execution should look like this:
Manually Create AWS AssumeRole
Go to the IAM console for your AWS target account.
Select Create role
Select Another AWS account for the Role Type.
For Account ID, copy-paste Your Fylamynt Account ID from the right panel. This is the AWS account ID that hosts the Fylamynt application, and you are granting that account access to your AWS target account.
Check off Require external ID and copy-paste the “External ID” from the right panel. Make sure you leave Require MFA disabled. For more information about the External ID, check out this document in the IAM User Guide.
Click Next: Permissions.
If you already have a policy, select it. Otherwise, the Fylamynt team can help you create a policy that suits your needs. For non-critical test accounts, you can choose the PowerUserAccess managed policy. This will unlock the full functionality of the Fylamynt platform.
Attach Permission Policies
Select the appropriate tags and proceed.
Add Tags
Name the role and add a description that denotes that this role is for Fylamynt access. Click Create Role. Copy-paste the ARN for the created role from the AWS IAM console into the AssumeRole ARN field in the right panel on this Fylamynt page.
Right Panel
Enter a friendly name, or alias, for this AWS target account into the Account Alias field in the right panel on this page. An alias may contain any alphabets and dashes. You select a target environment that your Fylamynt workflow runs against by picking one of your target accounts as runtime input.
Enter the AWS region name where your Fylamynt workflows will run against.
Click Add Target Account. You are now able to use Fylamynt with this account!
Steps provide here
The AWS Execution Action allows you to call any AWS API endpoint supported by the boto3 library. See boto3 documentation here: https://boto3.amazonaws.com/v1/documentation/api/latest/index.html
After you select a service (e.g. EC2, S3, IAM) and an operation (e.g. 'DescribeInstances', 'CreateBucket'), a further list of parameters for that call will appear on the right sidebar. These will be specific to the call you're making.
The Specific output of the AWS Execution Action depends on the Service and Operation selected above.
The 'output' tab on the right panel will show a preview of the JSON output of the given operation.
A step-by-step configuration is available on the Creating your first workflow using AWS Cloud Services page
Parameter Name
Description
Required
Service
The AWS Service you want to call.
True
Operation
The API call you want to make to the above service.
True