Creation of the AWS Kops group / user and the state store must be completed before installing the first Kubernetes cluster.
Configure AWS Credentials
Configure the AWS client to use your main AWS credentials. This is needed so that you are able to create the kops group and kops user in the next step.
$ aws configure
AWS Access Key ID [None]: → provide your access key
AWS Secret Access Key [None]: → provide your secret key
Default region name [None]: eu-central-1 # provide your region
Default output format [None]: → enter
Create the Kops Group and User
Create a kops user group, add the required permissions to the group, create the kops user, and then add the user to the group. The final command creates a new access key and secret key for the kops user.
aws iam create-group --group-name kops
aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/AmazonEC2FullAccess --group-name kops
aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/AmazonRoute53FullAccess --group-name kops
aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess --group-name kops
aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/IAMFullAccess --group-name kops
aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/AmazonVPCFullAccess --group-name kops
aws iam create-user --user-name kops
aws iam add-user-to-group --user-name kops --group-name kops
aws iam create-access-key --user-name kops
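To confirm that the kops group ended up with exactly the five managed policies attached above, a check like the following can be run afterwards. It is an added example, not part of the original guide; the function name audit_kops_policies and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the kops group's policies.
# With credentials configured, feed it the live list:
#   audit_kops_policies "$(aws iam list-attached-group-policies \
#       --group-name kops --query 'AttachedPolicies[].PolicyArn' --output text)"

# The five managed policies attached in the steps above.
EXPECTED_POLICIES="arn:aws:iam::aws:policy/AmazonEC2FullAccess
arn:aws:iam::aws:policy/AmazonRoute53FullAccess
arn:aws:iam::aws:policy/AmazonS3FullAccess
arn:aws:iam::aws:policy/IAMFullAccess
arn:aws:iam::aws:policy/AmazonVPCFullAccess"

# audit_kops_policies ATTACHED   (hypothetical helper name)
# ATTACHED is a whitespace-separated list of policy ARNs (tabs, spaces or newlines).
# Prints one MISSING/UNEXPECTED line per difference; returns 0 only on an exact match.
audit_kops_policies() {
    attached=$(printf '%s\n' $1 | sort -u)   # unquoted on purpose: split on whitespace
    drift=0
    for arn in $EXPECTED_POLICIES; do
        if ! printf '%s\n' "$attached" | grep -qxF "$arn"; then
            echo "MISSING $arn"; drift=1
        fi
    done
    for arn in $attached; do
        if ! printf '%s\n' "$EXPECTED_POLICIES" | grep -qxF "$arn"; then
            echo "UNEXPECTED $arn"; drift=1
        fi
    done
    return $drift
}

# Constructed sample inputs (not real account output).
SAMPLE_OK=$EXPECTED_POLICIES
SAMPLE_DRIFT="arn:aws:iam::aws:policy/AmazonEC2FullAccess
arn:aws:iam::aws:policy/AmazonRoute53FullAccess
arn:aws:iam::aws:policy/AmazonS3FullAccess
arn:aws:iam::aws:policy/AmazonVPCFullAccess
arn:aws:iam::aws:policy/AdministratorAccess"

audit_kops_policies "$SAMPLE_OK" && echo "kops group matches the expected policy set"
audit_kops_policies "$SAMPLE_DRIFT" || echo "kops group policy set has drifted"
```

A non-zero return makes the function usable as a gate in a provisioning script or a scheduled audit job.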
After running the command aws iam create-access-key --user-name kops in the previous steps you will have been shown JSON output similar to the following.