AWS

This reference assumes you've already created a Chassy workspace. If you have yet to do this, it is recommended you Create a Workspace first.

The AWS integration is one of a number of Cloud Services Chassy natively supports. By enabling the integration, Chassy is able to import artifacts from specific S3 buckets and publish logs ingested from your machines to S3, Cloudwatch on your behalf automatically.

How to setup AWS integration

On the Chassy console, navigate to the Integrations panel. Here, you will see a list of Chassy's available integrations among which will be the AWS integration.

On clicking Connect, you will be presented with a dialog asking for a client role ARN and providing you with an external ID and account ID.

To continue, you will need to create a new IAM role on AWS. The required permissions are specified below in either JSON or Terraform and explained in the following table:

{
  "Version":"2012-10-17",
  "Statement":[
    {
      "Sid":"S3ReadPermissions",
      "Effect":"Allow",
      "Action":[
        "s3:Get*",
        "s3:Describe*",
        "s3:List*"
      ],
      "Resource":"arn:aws:s3:::<BUCKET_NAME>"
    },
    {
      "Sid":"ECRReadPermissions",
      "Effect":"Allow",
      "Action":[
        "ecr:BatchGet*",
        "ecr:List*",
        "ecr:Describe*",
        "ecr:Get*"
      ],
      "Resource":"*"
    },
    {
      "Sid":"CloudwatchLogsReadPermissions",
      "Effect":"Allow",
      "Action":[
        "logs:Get*",
        "logs:Describe*",
        "logs:List*"
      ],
      "Resource":"*"
    },
    {
      "Sid":"CloudwatchLogsWritePermissions",
      "Effect":"Allow",
      "Action":[
        "logs:Put*"
      ],
      "Resource":"*"
    }
  ]
}

resource "aws_iam_policy" "policy"  
  name        = "policy_name"
  path        = "/"
  description = "My Chassy permission policy"

  policy = <<EOF
{
  "Version":"2012-10-17",
  "Statement":[
    {
      "Sid":"S3ReadPermissions",
      "Effect":"Allow",
      "Action":[
        "s3:Get*",
        "s3:Describe*",
        "s3:List*"
      ],
      "Resource":"arn:aws:s3:::<BUCKET_NAME>"
    },
    {
      "Sid":"ECRReadPermissions",
      "Effect":"Allow",
      "Action":[
        "ecr:BatchGet*",
        "ecr:List*",
        "ecr:Describe*",
        "ecr:Get*"
      ],
      "Resource":"*"
    },
    {
      "Sid":"CloudwatchLogsReadPermissions",
      "Effect":"Allow",
      "Action":[
        "logs:Get*",
        "logs:Describe*",
        "logs:List*"
      ],
      "Resource":"*"
    },
    {
      "Sid":"CloudwatchLogsWritePermissions",
      "Effect":"Allow",
      "Action":[
        "logs:Put*"
      ],
      "Resource":"*"
    }
  ]
}
EOF
}

After creating your role, copy the ARN of the role and paste it into the input on the Chassy console. After clicking connect, you should see a success message and the AWS integration should say "connected" in the Integrations panel.

How to remove AWS integration

The AWS integration can be removed by navigating to the Integrations panel and clicking the X button next to the AWS integration.

You will then be asked to confirm this choice in a dialog box as it is a destructive action.

After clicking Disconnect, a success message will appear confirming that you have successfully disconnected this integration.