AWS accounts
Give learners access to AWS accounts.
Cloud account usage can lead to abuse without the appropriate security policies in place. Always be sure to implement the appropriate policies and restrictions before exposing tracks with cloud accounts to the public.
Costs associated with cloud accounts are in addition to your standard Instruqt billing. Therefore, you should take extra precautions when allowing users to access tracks that have cloud accounts.
This guide explains how to access an Amazon Web Services (AWS) account from Instruqt.
An AWS account is a container for your AWS resources. You create and manage your AWS resources in an AWS account, and the AWS account provides administrative capabilities for access and billing.
Before you begin
You must have already built a track to which you can add access to an AWS account.
Service limits: AWS accounts have built-in service limits. If you plan to deploy complex network infrastructure, check that you do not exceed the EC2 service quota defaults.
Access AWS accounts
It is best to add the Instruqt Cloud Client container to your track to give a learner access to an AWS account, because the Instruqt Cloud Client container:
Exposes links to the AWS Console for the resources configured in the config.yml file, with the credentials required to log in.
Includes the aws CLI, pre-configured with the required credentials.
The AWS Console and the aws CLI make it easy for content developers and learners to access AWS resources from the sandbox.
It takes the following steps to give learners access to an AWS account:
Add an Instruqt Cloud Client container to your track.
Add an AWS account to your track.
Add tabs to your challenges where you want to expose the AWS console or aws CLI.
Additionally, you can use:
A set of environment variables that are available in the aws CLI.
IAM policies and permissions.
Step 1: Add an Instruqt Cloud Client container to your track
More information can be found in the cloud client section.
Step 2: Add an AWS account to your track
Click + Add a cloud account on the Sandbox page. ↳ The Add cloud account pop-up opens.
Select the Amazon provider.
In the Name field, enter awsaccount.
In the Services field, select the services that are going to be enabled.
In the Regions field, select the regions that are going to be enabled.
In the User IAM Policy field, enter an IAM policy in JSON format. For example to allow EC2 read-only access:
In the Admin IAM Policy field, enter an IAM policy in JSON format. For example to allow EC2 access:
In the SCP Policy field, enter an SCP policy in JSON format. This example limits the allowed instance types:
Click Save to add the AWS account. ↳ On the Sandbox page, you will see the new AWS account.
Click Back to track to return to the Track dashboard page.
Only enabled services and regions configured by the team administrator can be selected and/or specified. See more details in Cloud services and regions.
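The three policy fields from Step 2, as an added example that is not taken from the Instruqt documentation: it builds one document per field and runs a simplified evaluator to confirm the SCP blocks instance types outside an allow-list, even for the admin policy. The instance types, the Sid and the function names are assumptions. The evaluator ignores Resource matching and assumes no other SCP restricts the action.

```python
import json
from fnmatch import fnmatchcase

ALLOWED_TYPES = ["t3.micro", "t3.small"]  # constructed sample allow-list

USER_POLICY = {  # "User IAM Policy" field: EC2 read-only
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"}],
}
ADMIN_POLICY = {  # "Admin IAM Policy" field: EC2 access
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}],
}
SCP_POLICY = {  # "SCP Policy" field: deny launching any instance type not listed
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "LimitInstanceTypes",
        "Effect": "Deny",
        "Action": "ec2:RunInstances",
        "Resource": "arn:aws:ec2:*:*:instance/*",
        "Condition": {"StringNotEquals": {"ec2:InstanceType": ALLOWED_TYPES}},
    }],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(stmt, action, context):
    """True if a statement applies to the action (Resource matching is omitted)."""
    patterns = [p.lower() for p in _as_list(stmt["Action"])]
    if not any(fnmatchcase(action.lower(), p) for p in patterns):
        return False
    # StringNotEquals holds when the request value is none of the listed values.
    not_equals = stmt.get("Condition", {}).get("StringNotEquals", {})
    return all(context.get(k) not in _as_list(v) for k, v in not_equals.items())

def is_allowed(iam_policy, scp, action, context=None):
    """Simplified evaluation: any matching Deny wins, else the IAM policy must Allow."""
    context = context or {}
    statements = iam_policy["Statement"] + scp["Statement"]
    if any(s["Effect"] == "Deny" and _matches(s, action, context) for s in statements):
        return False
    return any(s["Effect"] == "Allow" and _matches(s, action, context)
               for s in iam_policy["Statement"])

if __name__ == "__main__":
    for doc in (USER_POLICY, ADMIN_POLICY, SCP_POLICY):
        print(json.dumps(doc, indent=2))  # JSON to paste into the matching field
```

Running the script prints the three JSON documents in field order: user policy, admin policy, SCP.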
Step 3: Add tabs to expose the AWS console and aws CLI
In the Challenges section of the Track dashboard, click Add new, and select Assignment.
Input these values:
Field | Value
Tab name | AWS account
URL | aws-ec2
Description | Learn to work with an AWS account
Click Save.
Click Tabs followed by Add new tab.
Select the Your applications tab type.
Enter/select these values to set the AWS console:
Field | Value
Tab name | AWS console
Select your host | cloud-client
Path | /
Port | 80
Click Save to add the tab.
Click Add new tab again.
Select the Terminal tab type.
Enter/select these values to set the aws CLI:
Field | Value
Tab name | aws CLI
Host | cloud-client
Click Save to add the tab.
Click Back to track.
Click Play track and test your AWS account track.
Environment variables
Adding an AWS account to your track also sets a list of AWS environment variables that you can use in commands and scripts. This provides the ability to access and deploy resources within the AWS account during track setup or during learner interaction with the CLI.
Setting policies and permissions
AWS accounts have the following settings to configure policies and permissions:
Identity and Access Management (IAM) policies
Service control policies (SCPs)
Awesome! Your learners can now access AWS accounts. But there is more. You can also give them access to: