If you plan to deploy the POC infrastructure assets using an existing AWS account, and you have “root” access, or your IAM user is in the “Administrator” Group, or your IAM user has the “AdministratorAccess” policy applied, you are good to go.
If you plan to deploy the POC infrastructure assets using an existing AWS account, and your access is delegated by an IT administrator within your organization, they may want you to use a new role with the specific privileges required. If this is the case, then please have them review the instructions below.
Regardless of your access method, if you want to logically segment these new assets from your existing assets, then you should consider using an alternate AWS Region for this process. For example, if your existing assets are in region “us-east-1,” then you could use “us-east-2” to keep them separated, if desired.
Creating a New Role and User with Required Permissions
(not required for root users or Administrators)
Create the User
Search for IAM service and click on Users.
Click on the Add user button.
Add a user name, check Access Type: Programmatic access and click on Next: Permissions.
Click on Next: Tags.
Click on Next: Review.
A warning message is displayed: "This user has no permissions". Permissions will be attached in the next steps.
Click on Create user.
Copy and store Access key ID and Secret access key as they will be used during the sandbox deployment.
Create the Policy
Search for IAM service and click on Policies.
Click on Create policy.
Click on JSON.
Copy the JSON document to the right and paste into the editor:
During deployment, the Terraform job will also create a new user with specific privileges which enable the Neverfail Bots to operate upon the sandbox assets. This is not the user which will be used for non-sandboxed customer components. Below is a list of that user’s specific permissions. Note that the user has tag nfcc-poc set to true and has name <customer_name>-user-<increment_number>.
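The tag and naming convention described above can be used to inventory the Terraform-created users and to spot accounts where the tag and the name disagree. The following is an added example, not Neverfail's own code; it assumes the increment number is decimal digits, that the tag value is compared case-insensitively, and that the input records have the shape of IAM ListUsers output merged with ListUserTags (the sample records are constructed).

```python
import re

# Name convention from the page: <customer_name>-user-<increment_number>.
# Assumptions: customer_name may contain hyphens; the increment is decimal digits.
NAME_RE = re.compile(r"^(?P<customer>.+)-user-(?P<increment>\d+)$")
TAG_KEY = "nfcc-poc"  # tag named on the page, expected value "true"


def classify_user(user):
    """Return 'poc', 'tag-only', 'name-only' or 'other' for one IAM user record."""
    tags = {t["Key"]: t["Value"] for t in user.get("Tags", [])}
    tagged = tags.get(TAG_KEY, "").lower() == "true"
    named = NAME_RE.match(user["UserName"]) is not None
    if tagged and named:
        return "poc"        # matches both markers of the Terraform-created user
    if tagged:
        return "tag-only"   # tagged, but the name does not follow the convention
    if named:
        return "name-only"  # looks like a POC user, but tag-based review would miss it
    return "other"


def audit(users):
    """Group user names by classification so mismatches can be reviewed."""
    report = {"poc": [], "tag-only": [], "name-only": [], "other": []}
    for user in users:
        report[classify_user(user)].append(user["UserName"])
    return report


# Constructed sample records (not real accounts).
SAMPLE_USERS = [
    {"UserName": "acme-user-1", "Tags": [{"Key": "nfcc-poc", "Value": "true"}]},
    {"UserName": "acme-user-2", "Tags": []},
    {"UserName": "build-bot", "Tags": [{"Key": "nfcc-poc", "Value": "true"}]},
    {"UserName": "alice", "Tags": [{"Key": "team", "Value": "ops"}]},
    {"UserName": "acme-user-x", "Tags": [{"Key": "nfcc-poc", "Value": "false"}]},
]

if __name__ == "__main__":
    for kind, names in audit(SAMPLE_USERS).items():
        print(f"{kind:10s} {names}")
```

Users reported as tag-only or name-only are the ones to review by hand, since cleanup or access reviews keyed on only one of the two markers would treat them inconsistently.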