Add your Amazon Web Services account to Northflank

To add a new cloud provider integration, navigate to the clusters page in your account settings.

You can add credentials when creating a new cluster, or create a new integration on its own. In both cases you will be able to use the saved credentials to create new clusters in the future.

You must have sufficient resource quotas available on your cloud platform to deploy a cluster using Northflank.

Click here to create a new cloud provider integration.

It is recommended that you create a new IAM user to integrate with Northflank:

  1. Navigate to your Northflank account settings and open the clusters page.
  2. Create a new integration, or create a new cluster and select new credentials. Select Amazon Web Services as the provider.
  3. Open your AWS IAM console, open the users page and add a new user (without console access).
  4. In the new user, click add permissions, select create inline policy, and add the following policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Northflank",
      "Effect": "Allow",
      "Action": [
        "ec2:CreateVpc",
        "ec2:DeleteVpc",
        "ec2:DescribeVpcs",
        "ec2:CreateSubnet",
        "ec2:DeleteSubnet",
        "ec2:DescribeSubnets",
        "ec2:ModifySubnetAttribute",
        "ec2:AssociateRouteTable",
        "ec2:CreateRoute",
        "ec2:CreateRouteTable",
        "ec2:DeleteRoute",
        "ec2:DeleteRouteTable",
        "ec2:DescribeRouteTables",
        "ec2:DisassociateRouteTable",
        "ec2:CreateNatGateway",
        "ec2:DeleteNatGateway",
        "ec2:DescribeNatGateways",
        "ec2:AttachInternetGateway",
        "ec2:CreateInternetGateway",
        "ec2:DeleteInternetGateway",
        "ec2:DescribeInternetGateways",
        "ec2:DetachInternetGateway",
        "ec2:AllocateAddress",
        "ec2:DescribeAddresses",
        "ec2:ReleaseAddress",
        "ec2:CreateTags",
        "eks:DescribeAddon",
        "eks:DescribeCluster",
        "eks:DescribeNodegroup",
        "eks:DeleteCluster",
        "eks:DeleteNodegroup",
        "eks:DeleteAddon",
        "eks:CreateNodegroup",
        "eks:CreateAddon",
        "eks:CreateCluster",
        "eks:UpdateClusterVersion",
        "eks:UpdateNodegroupConfig",
        "eks:UpdateNodegroupVersion",
        "eks:TagResource",
        "iam:CreateRole",
        "iam:CreateServiceLinkedRole",
        "iam:TagRole",
        "iam:GetRole",
        "iam:DeleteRole",
        "iam:PutRolePolicy",
        "iam:PassRole",
        "iam:AttachRolePolicy",
        "iam:DetachRolePolicy",
        "iam:DeleteRolePolicy",
        "iam:ListAttachedRolePolicies",
        "iam:CreateOpenIDConnectProvider",
        "iam:GetOpenIDConnectProvider",
        "iam:DeleteOpenIDConnectProvider",
        "iam:TagOpenIDConnectProvider",
        "iam:SimulatePrincipalPolicy"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}
  5. Open security credentials in your new user and click create access key. Select the Application running outside AWS use case and click next. Enter a description that will help you recognise your key (e.g. Northflank BYOC) and create access key.
  6. Enter the access key and secret key for the user you created into the Northflank integration form.
  7. Create the integration or continue configuring your new cluster. Your credentials will be saved as a new integration when you create the new cluster.
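
To review what the inline policy in step 4 grants before attaching it, the following added example (not Northflank's code) groups a policy's allowed actions by service and lists the IAM write actions that apply to every resource. The embedded policy is a shortened excerpt of the one above, and the read/write split by verb prefix is an assumption of this example, not an AWS classification.

```python
import json
from collections import defaultdict

# Shortened excerpt of the inline policy above, embedded so the example runs offline.
POLICY_EXCERPT = json.loads("""
{"Version": "2012-10-17", "Statement": [{"Sid": "Northflank", "Effect": "Allow",
  "Action": ["ec2:CreateVpc", "ec2:DescribeVpcs", "eks:CreateCluster",
             "eks:DescribeCluster", "iam:CreateRole", "iam:GetRole", "iam:PassRole",
             "iam:PutRolePolicy", "iam:AttachRolePolicy", "iam:SimulatePrincipalPolicy"],
  "Resource": ["*"]}]}
""")

# Assumption of this example: actions whose verb starts with one of these are read-only.
READ_PREFIXES = ("Describe", "Get", "List", "Simulate")


def as_list(value):
    """IAM policy JSON accepts a single value wherever a list is allowed."""
    return value if isinstance(value, list) else [value]


def summarize(policy):
    """Group allowed actions by service; list IAM write actions granted on every resource."""
    by_service = defaultdict(lambda: {"read": [], "write": []})
    iam_write_on_all = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        # A statement is unscoped when it names every resource and has no Condition.
        unscoped = "*" in as_list(stmt.get("Resource", [])) and "Condition" not in stmt
        for action in as_list(stmt.get("Action", [])):
            service, _, verb = action.partition(":")
            kind = "read" if verb.startswith(READ_PREFIXES) else "write"
            by_service[service][kind].append(action)
            if service == "iam" and kind == "write" and unscoped:
                iam_write_on_all.append(action)
    return dict(by_service), sorted(iam_write_on_all)


if __name__ == "__main__":
    summary, flagged = summarize(POLICY_EXCERPT)
    for service, kinds in sorted(summary.items()):
        print(f"{service}: {len(kinds['read'])} read, {len(kinds['write'])} write")
    print("IAM write actions on all resources:", ", ".join(flagged))
```

To check the full policy, save it to a file and pass the parsed JSON to `summarize`.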

You can edit the integration at any time to update the secrets, if required. If the new secrets do not have permission to manage existing clusters, you will be unable to edit those clusters, and deleting them via AWS may leave orphaned resources.
