Use Amazon IAM keys in Nodofftime

You could use your AWS main access key for use with Nodofftime: we keep all supplied keys securely, and will never use your keys for any purpose that you have not authorised. However, better safe than sorry, right? The principle of least privilege certainly applies here. So our recommendation is to use Amazon Web Services Identity and Access Management (IAM) keys for Nodofftime, and indeed in any circumstance when you need to give someone access to some part of your amazon account.

The IAM policy* required by Nodofftime

{
  "Statement": [
    {
      "Action": [
        "ec2:DescribeInstanceAttribute",
        "ec2:DescribeInstanceStatus",
        "ec2:DescribeInstances",
        "ec2:StartInstances",
        "ec2:StopInstances"
      ],
      "Effect": "Allow",
      "Resource": [
        "*"
      ]
    }
  ]
}

Overview instructions for using IAM keys

IAM is one of the tabs in the aws management console

Create a group

Select custom policy and use the policy document from above

Add a user to the group

Get the keys and supply them to Nodofftime

More detailed instructions

Login to Amazon Web Services

From the management console, go to the AWS IAM tab

Create a new group of users

Name the group whatever you like (maybe "nodofftime group")

Choose the "Custom Policy" radio button, click "Select" to continue

Name the policy whatever you like (maybe "nodofftime minimal access")

Paste in the above policy document

Click "Continue", The users step will appear

Select the "Create New Users" tab

Enter a name for the Nodofftime user (maybe "nodofftime")

Ensure "generate an acess key for each user" is checked

Click "Continue"

Click "Finish", A success dialog should appear

Click "Show User Security Credentials"

Copy out (or download) the "Access Key Id" and "Secret Access Key" - as the message says, this is the last change you have to do that

Click "Close Window" (maybe twice)

You are done, this is the Access Key and Secret that you need to provide to Nodofftime


* The policy is pretty self explanatory, the Actions allowed speak for themselves, but here is some more information  on using IAM with EC2


Feedback and Knowledge Base