Connecting your AWS account
Python Deploy requires access to you AWS account in order to create and configure all the resources that you need to run your Python application.
To access your account we use delegated accessopen in new window. This means that you do not have to give us the credentials to your account.
Creating the AWS Role
To grant us access follow these steps:
- Go to your AWS Identity and Access Managementopen in new window console.
- Click on Rolesopen in new window
- Select Create roleopen in new window.
- Choose Another AWS accountopen in new window.
- Put PythonDeploy's account number in "Account ID". It is very important that you use the correct number. You will find the number when you are connecting your AWS to one of your Teams.
- Leave all other options unselected and click "Next: Permissions".
- In the "Attach permissions policies" section search for "AdministratorAccess" and select it.
- Click "Next: Review" (You can add tags if it helps you classify your Roles, but this is not required).
- Set the Role name with the suffix provided when connecting your AWS account to one of your Teams. We recommend using a name that helps you remember why you created this role, example "PythonDeploy-########".
- Click "Create role".
You will now be presented with the lists of roles that you have in your account. Click (open) the one you just created, and copy its "arn", it should look something like this:
- arn:aws:iam::000000000000:role/PythonDeploy
Add this value you will use as AWS Role when connecting your AWS account to PythonDeploy.
Why AdministratorAccess
Python Deploy manages different resources across multiple AWS services, and the list will continue to grow with time. The most convinient way of ensuring that we can configure your environment is granting AdministratorAccess. If you want, it is possible to create a sub-accountopen in new window only for PythonDeploy, and that way we only have access to the resources that we create and manage for you.
Revoking access
If at some point you want to revoke access from PythonDeploy to your account, you only need to delete the Role. (It might take up to 1 hours for access to be fully revoked.)