Configure Cloud Credentials

Set up secure access to your AWS and GCP accounts for infrastructure management

Overview

Infra.new requires cloud credentials to interact with your AWS or GCP resources. These credentials enable features like:

  • Resource Import: Discover and generate Terraform code for existing cloud resources
  • State Backend Monitoring: Track changes to your Terraform state files
  • Infrastructure Deployment: Apply Terraform configurations to your cloud accounts

This guide walks you through creating and configuring credentials with the appropriate permissions for each use case.

Security Best Practices

Follow these security principles:

  • Least Privilege: Grant only the minimum permissions required for each use case
  • Separate Credentials: Use different credentials for different environments (dev, staging, prod)
  • Regular Rotation: Rotate access keys periodically
  • Audit Access: Review and audit credential usage regularly
  • Never Share: Keep credentials secure and never commit them to version control

Credential Setup

Choose your cloud provider below for detailed setup instructions:

AWS Permission Requirements

Different Infra.new features require different permission sets:

For Resource Import

To discover and import existing AWS resources:

ResourceExplorer2ReadOnlyAccess

Allows discovery of resources across your account

ReadOnlyAccess

Provides read access to retrieve resource configurations

For State Backend Monitoring

To monitor Terraform state files in S3:

AmazonS3ReadOnlyAccess

Quick option: Grants read access to all S3 buckets

— OR —

Custom Policy (Recommended)

More secure: Limits access to a specific bucket

{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": [
      "arn:aws:s3:::YOUR_STATE_BUCKET",
      "arn:aws:s3:::YOUR_STATE_BUCKET/*"
    ]
  }]
}

Step-by-Step Setup

1. Navigate to IAM

  1. Open the AWS Console
  2. Navigate to the IAM service
  3. Select Users from the left navigation
  4. Click Create user

2. Configure User Details

  1. Enter a descriptive user name:
    • For imports: infranew-import-reader
    • For state monitoring: infranew-state-reader
  2. Select Access key - Programmatic access
  3. Click Next: Permissions

3. Attach Permissions

Based on your use case, attach the appropriate policies:

  • Search for the required policy names in the search box
  • Select the checkbox next to each policy
  • Click Next to continue

4. Review and Create

  1. Review the user configuration
  2. Verify the attached policies are correct
  3. Click Create user

5. Create Access Keys

  1. Click on the newly created user to view details
  2. Navigate to the Security credentials tab
  3. In the Access keys section, click Create access key

6. Save Your Credentials

Copy and securely save both the Access Key ID and Secret Access Key.

⚠️ Important: This is the only time you can view the Secret Access Key

Store these credentials securely. You'll need them to configure Infra.new.


7. Additional Setup for Resource Import

If you are using these credentials for resource import, you must also enable AWS Resource Explorer:

  1. Navigate to AWS Resource Explorer in the console
  2. Click Turn on Resource Explorer
  3. Select Quick setup
  4. Choose an aggregator region (typically us-east-1)
  5. Click Turn on

Note: Initial indexing takes 15-30 minutes to complete.