Getting Started
Documentation
You can find the official STS documentation here: https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html
Example User
- In this example we’ll set up a new AWS user with no specific permissions and create a role that has STS associated with it and has read-only DynamoDB permissions.
Creating the User
- First of all we need to set up a new AWS user by going into Console > Services > IAM then hitting the Add users button.
User Details
- Then name the user and set the access type to Programmatic Access. In this example we'll set our user to sts-user.
Permissions
- In the next screen related to permissions and adding the user to a group, you can skip the page without setting any permissions.
Create the user
- Click on Create user. The user created success page is then displayed.
Summary
- Here you can find the Access key and Secret access key for the user. Write down the keys, as we'll need them later to authenticate the plugin in Unreal Engine.
User ARN
- Navigate to the sts-user we just created so we can copy the ARN id of the user.
- Copy/Write down the User ARN string as we're going to be using this later.
Example Role
- Next we're going to create an STS role for our sts-user.
Selecting the account
- In this example we're going to select "AWS account", identified by the ID number in the User ARN that we copied in the previous step. Use the digits only (e.g. 1234345678).
Role Permissions
- Select the DynamoDb Read Only Access permission policy.
Role Summary
- Review the Role Summary and create the Role if you're happy with the settings.
Role ARN
- Click on your newly created sts_role and copy the Role ARN as we'll be using this later.
Trust Policy
- By default the trust relationship is set to trust the root account. You need to change this to set up the relationship with the user we set up (sts-user) by changing the ARN in the policy to the User ARN that we created earlier.
- Replace with the User Arn and update the policy.
Summary
- This is an example of an updated policy
Inline Policy
- Next we have to add an Inline policy for STS to our sts-user.
Add Inline Policy
- Click on Add inline policy in the Users permissions.
Policy Settings
- Select the STS service and All STS actions (you may want to customize these permissions for your needs, but for the simplicity of this tutorial all permissions are selected).
- In the Resources settings we'll specify the Role ARN that we copied earlier when creating our sts-role. After adding the sts_role to the resources settings, click on Review policy.
- If everything looks OK then click on Create policy.
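The Trust Policy and Policy Settings steps above, written out as the two JSON documents they produce, with a small check for the broad settings (root trust, all STS actions). This is an added example, not code from the plugin or from AWS. The helper names and the sample ARNs (account 123456789012) are constructed, and it assumes the plugin only needs to assume the role, so the inline policy is narrowed to sts:AssumeRole.

```python
import json
import re

# IAM ARN shape: arn:aws:iam::<12-digit account>:<user|role|root>[/name]
ARN_RE = re.compile(r"^arn:aws:iam::(\d{12}):(user|role|root)(?:/(.+))?$")

def parse_arn(arn):
    """Return (account_id, kind, name) or raise ValueError on a malformed ARN."""
    m = ARN_RE.match(arn)
    if not m:
        raise ValueError(f"not an IAM ARN: {arn!r}")
    return m.groups()

def trust_policy(user_arn):
    """Role trust policy: only this principal may assume the role."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"AWS": user_arn},
        "Action": "sts:AssumeRole"}]}

def inline_policy(role_arn, actions="sts:AssumeRole"):
    """User inline policy: the given STS actions, on this one role only."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": actions, "Resource": role_arn}]}

def lint(trust, inline):
    """Return findings for settings broader than this tutorial needs."""
    findings = []
    for st in trust["Statement"]:
        if parse_arn(st["Principal"]["AWS"])[1] == "root":
            findings.append("trust policy still trusts the whole account (root)")
    for st in inline["Statement"]:
        if st["Action"] in ("sts:*", "*"):
            findings.append("inline policy allows all STS actions")
        if st["Resource"] == "*":
            findings.append("inline policy applies to every role")
    return findings

# Constructed sample values; substitute the ARNs you copied in the console.
USER_ARN = "arn:aws:iam::123456789012:user/sts-user"
ROLE_ARN = "arn:aws:iam::123456789012:role/sts_role"

if __name__ == "__main__":
    print(json.dumps(trust_policy(USER_ARN), indent=2))
    print(json.dumps(inline_policy(ROLE_ARN), indent=2))
    print(lint(trust_policy(USER_ARN), inline_policy(ROLE_ARN)))
```

The printed JSON can be pasted into the JSON tab of the trust relationship editor and the inline policy editor in place of the visual settings.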
DynamoDb Example
- You should now have a fully configured STS user that can read DynamoDB Data. Below is a screenshot of how to use STS in conjunction with the eelDev DynamoDB plugin.