AWS Configuration


You’ll need an Amazon Web Services account before you can use Oauth.Us. That’s because all Oauth.Us providers run on your private AWS account to ensure the highest degree of security. If you’ve never used AWS before, Amazon provides a free tier that you can use for an entire year.

  • You can create an account here

After you’ve set up your AWS account, you’ll probably want to create a special user for Oauth.Us with limited privileges. While you could use your “root” account, it’s not the best idea.

IAM


AWS Identity and Access Management (IAM for short) is where you can add and manage users. For example, you may want to add developers, system administrators, etc. To add a new user:

  • Navigate to the IAM service
  • Click on Create User

Choose a descriptive name such as “OauthUsUser” so that you won’t confuse it with actual users. Once you’ve created the user, record the access key ID and secret.


You’ll need these values later to use Oauth.Us.

Set the Policy


Each IAM user can perform specific operations on your AWS account depending on the permissions you give it. Oauth.Us needs specific permissions to work. To set them, select the proper IAM user and find the Inline Policies section. Create a new inline policy and select Custom Policy. In the policy document, copy the following:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "ec2:*",
            "Effect": "Allow",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "elasticloadbalancing:*",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "cloudwatch:*",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "autoscaling:*",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "cloudformation:CreateStack",
                "cloudformation:DeleteStack",
                "cloudformation:Describe*",
                "cloudformation:GetTemplate",
                "cloudformation:List*"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "iam:Get*",
                "iam:List*"
            ],
            "Resource": "*"
        }
    ]
}

Once you’ve specified the policy, head back to the Oauth.Us documentation to start creating your own OAuth providers.
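
To see how much access the inline policy above grants before you attach it to the limited-privilege user, the following added example (not part of the Oauth.Us documentation) parses the policy and reports, per statement, which actions are service-wide wildcards, which are prefix wildcards, and whether they apply to every resource. The helper names `as_list`, `classify` and `audit` are hypothetical.

```python
import json

# Added example (helper names are hypothetical); policy copied from this page.
POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
 {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
 {"Effect": "Allow", "Action": "elasticloadbalancing:*", "Resource": "*"},
 {"Effect": "Allow", "Action": "cloudwatch:*", "Resource": "*"},
 {"Effect": "Allow", "Action": "autoscaling:*", "Resource": "*"},
 {"Effect": "Allow", "Action": ["cloudformation:CreateStack",
   "cloudformation:DeleteStack", "cloudformation:Describe*",
   "cloudformation:GetTemplate", "cloudformation:List*"], "Resource": "*"},
 {"Effect": "Allow", "Action": ["iam:Get*", "iam:List*"], "Resource": "*"}
]}
""")


def as_list(value):
    """IAM accepts either a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)


def classify(action):
    """Return 'full' for '*' or 'service:*', 'prefix' for e.g. 'Describe*', else 'exact'."""
    name = action.partition(":")[2]
    if action == "*" or name == "*":
        return "full"
    return "prefix" if "*" in name or "?" in name else "exact"


def audit(policy):
    """Summarise the action and resource scope of each Allow statement."""
    statements = policy["Statement"]
    statements = [statements] if isinstance(statements, dict) else statements
    findings = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue  # Deny and NotAction statements need separate review
        actions = as_list(stmt["Action"])
        findings.append({
            "statement": index,
            "full_service": sorted(a for a in actions if classify(a) == "full"),
            "prefix": sorted(a for a in actions if classify(a) == "prefix"),
            "all_resources": "*" in as_list(stmt.get("Resource", [])),
        })
    return findings


if __name__ == "__main__":
    print(json.dumps(audit(POLICY), indent=2))
```

Run against the policy on this page, the first four statements each report a full-service wildcard on all resources, while the CloudFormation and IAM statements are limited to named or prefix-matched actions.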