# Setting Up AWS Using The CLI For Platform9 Managed Kubernetes

This article describes how to configure AWS so that we can add it as a Cloud Provider for Platform9 Managed Kubernetes (PMK). We will add a user, group, policy, EC2 key pair, and a domain to our account. There are a few prerequisites that need to be met before we get started.

## Prerequisites

* An AWS [Administrative User](https://docs.aws.amazon.com/IAM/latest/UserGuide/getting-started_create-admin-group.html) or Account with IAM Admin Permissions
* AWS CLI installed
* A registered Domain Name (optional - Register a domain through Route53)

## Configure CLI

Once the administrative user has been created, and the CLI has been installed, we can move on to configuring the CLI. To configure the CLI we will need our Access Key ID and Secret Access Key. In this guide we are going to use the us-west-2 region as the default.

{% tabs %}
{% tab title="AWS Configure" %}

```bash
aws configure
```

{% endtab %}
{% endtabs %}

{% tabs %}
{% tab title="Output" %}

```bash
AWS Access Key ID [None]: (Access Key ID)
AWS Secret Access Key [None]: (Secret Key)
Default region name [None]: us-west-2
Default output format [None]: (enter)
```

{% endtab %}
{% endtabs %}

For a full CLI reference (optional), see <https://docs.aws.amazon.com/cli/latest/reference/>

## Setup User

This user account will be used to configure access for the AWS Cloud Provider in PMK.

### Create User

{% tabs %}
{% tab title="Create User" %}

```bash
aws iam create-user --user-name Platform9
```

{% endtab %}
{% endtabs %}

### Create Access Key and save it to platform9.json

We will create an access key for the user and save it to a platform9.json file so that we can reference it when setting up the AWS Cloud Provider in PMK.

{% tabs %}
{% tab title="Create Access Key" %}

```bash
# The secret access key is returned only once; write it to an owner-only file.
(umask 077; aws iam create-access-key --user-name Platform9 > platform9.json)
```

{% endtab %}
{% endtabs %}

## Setup Group

We are using a group for policy attachment instead of applying it directly to a user. This can be beneficial in case we want to add additional users with the same permission set, instead of having to apply the policy to each user individually.

### Create Group

{% tabs %}
{% tab title="Create Group" %}

```bash
aws iam create-group --group-name Platform9
```

{% endtab %}
{% endtabs %}

### Add User to Group

{% tabs %}
{% tab title="Add User to Group" %}

```bash
aws iam add-user-to-group --group-name Platform9 --user-name Platform9
```

{% endtab %}
{% endtabs %}

## Setup Policy

The policy will be used to configure the required permissions needed by PMK to deploy Kubernetes clusters in AWS.

### Download the aws-policy.json file

The aws-policy.json file will allow for adding the permissions needed without having to add each permission individually.

{% tabs %}
{% tab title="Download Policy json" %}

```bash
wget https://raw.githubusercontent.com/platform9/support-locker/master/pmk/aws-policy.json
```

{% endtab %}
{% endtabs %}
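
Because the policy document is fetched from a remote repository and then granted to the PMK user, it is worth reviewing before `create-policy` runs. The following added example (not part of the original guide or Platform9's tooling) flags broad `Allow` statements; the sample policy, `audit_policy`, and the `SENSITIVE_SERVICES` list are assumptions made for illustration.

```python
import json

# Constructed sample policy for illustration; NOT the contents of aws-policy.json.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["ec2:DescribeInstances", "ec2:RunInstances"],
         "Resource": "*"},
        {"Effect": "Allow", "Action": "iam:*", "Resource": "*"},
        {"Effect": "Allow", "Action": "iam:PassRole",
         "Resource": "arn:aws:iam::111122223333:role/example-role"},
        {"Effect": "Deny", "Action": "*", "Resource": "*"},
    ],
})

# Assumption: services whose actions deserve a second look when granted on "*".
SENSITIVE_SERVICES = {"iam", "sts", "kms"}


def as_list(value):
    """IAM accepts either a single value or a list for these fields."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(policy_text):
    """Return (statement index, finding) pairs for broad Allow statements."""
    findings = []
    statements = as_list(json.loads(policy_text).get("Statement"))
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements never grant access
        if "NotAction" in stmt:
            findings.append((index, "NotAction: allows everything not listed"))
        any_resource = "*" in as_list(stmt.get("Resource"))
        for action in as_list(stmt.get("Action")):
            service = action.split(":", 1)[0].lower()
            if action == "*" or action.endswith(":*"):
                findings.append((index, f"wildcard action {action}"))
            elif any_resource and service in SENSITIVE_SERVICES:
                findings.append((index, f"{action} on Resource *"))
    return findings


if __name__ == "__main__":
    # To check the downloaded file: audit_policy(open("aws-policy.json").read())
    for index, finding in audit_policy(SAMPLE_POLICY):
        print(f"Statement {index}: {finding}")
```

An empty result means none of these heuristics matched; it does not replace reading the statements the policy grants.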

### Create Policy based on aws-policy.json

We need to create a new policy so that we can attach it to the group. Create the policy and save the output to policy-info.json so that the ARN can be referenced for additional commands. The commands below refer to this ARN (the `Policy.Arn` field in policy-info.json) as `$ARN`.

{% tabs %}
{% tab title="Create Policy" %}

```bash
aws iam create-policy --policy-name Platform9 --policy-document file://aws-policy.json > policy-info.json
```

{% endtab %}
{% endtabs %}

View details about the policy (optional)

{% tabs %}
{% tab title="Get Policy" %}

```bash
aws iam get-policy --policy-arn $ARN
```

{% endtab %}
{% endtabs %}

### Attach Policy to the Group

{% tabs %}
{% tab title="Attach Policy" %}

```bash
aws iam attach-group-policy --group-name Platform9 --policy-arn $ARN
```

{% endtab %}
{% endtabs %}

View policies attached to the group (optional)

{% tabs %}
{% tab title="View Policies attached to Group" %}

```bash
aws iam list-attached-group-policies --group-name Platform9
```

{% endtab %}
{% endtabs %}

## Create EC2 Key Pair

The region we are using in this guide is us-west-2. If a different region is required, replace the region name used for the `--region` flag.

{% tabs %}
{% tab title="Create EC2 Key Pair" %}

```bash
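# The private key is returned only once; save it to an owner-only file.
(umask 077; aws ec2 create-key-pair --key-name Platform9 --region us-west-2 --query 'KeyMaterial' --output text > Platform9.pem)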
```

{% endtab %}
{% endtabs %}

## Route53 Setup

### Add Domain / Hosted Zone

A Route53 hosted zone is needed to configure the AWS Cloud Provider. Replace `$HOSTEDZONE` with the hosted zone being used for this deployment. A hosted zone is usually a domain name or FQDN.

{% tabs %}
{% tab title="Create Hosted Zone" %}

```bash
aws route53 create-hosted-zone --name $HOSTEDZONE --caller-reference Platform9DomainSetup
```

{% endtab %}
{% endtabs %}

### Get NS for the domain

First we need to find the id of our hosted zone. Find the recently added hosted zone in the `list-hosted-zones` output and note its `Id` (referred to below as `$HOSTEDZONEID`).

{% tabs %}
{% tab title="List Hosted Zones" %}

```bash
aws route53 list-hosted-zones
```

{% endtab %}
{% endtabs %}

Next we will run `get-hosted-zone` on the `id` which will output the Nameservers for our Route53 hosted zone.

{% tabs %}
{% tab title="Get Hosted Zone NS" %}

```bash
aws route53 get-hosted-zone --id $HOSTEDZONEID
```

{% endtab %}
{% endtabs %}

Modify the Nameservers for your domain through the registrar. [Use an already registered domain.](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/migrate-dns-domain-in-use.html)

Register your domain through Route53 (optional). Do this if you want your PMK cluster API server endpoint to have an FQDN that uses your specific domain. If you do not configure this, the PMK cluster API server endpoint will be the URL corresponding to the auto-generated ELB domain name.

<https://docs.aws.amazon.com/cli/latest/reference/route53domains/register-domain.html>

And now your AWS account is ready to be added as a cloud provider to PMK!

## Next Steps

Follow these steps to [Create a new PMK AWS cloud provider](https://github.com/platform9/pcd-docs-gitbook/blob/main/kubernetes/add-aws-cloud-provider/README.md) and then [Create a Kubernetes cluster using PMK](https://github.com/platform9/pcd-docs-gitbook/blob/main/kubernetes/create-cluster-aws/README.md).

## Cleanup

If you want to remove your AWS cloud provider you created for PMK, and remove the additions we made in this guide, follow the steps outlined below.

### Route53 Cleanup

{% tabs %}
{% tab title="List Hosted Zones" %}

```bash
aws route53 list-hosted-zones
```

{% endtab %}
{% endtabs %}

{% tabs %}
{% tab title="Delete Hosted Zone" %}

```bash
aws route53 delete-hosted-zone --id $HOSTEDZONEID
```

{% endtab %}
{% endtabs %}

### Key Pair Cleanup

Describe the key pair (optional)

{% tabs %}
{% tab title="Describe Key Pairs" %}

```bash
aws ec2 describe-key-pairs
```

{% endtab %}
{% endtabs %}

Delete the key pair

{% tabs %}
{% tab title="Delete Key Pair" %}

```bash
aws ec2 delete-key-pair --key-name Platform9
```

{% endtab %}
{% endtabs %}

### Policy Cleanup

{% tabs %}
{% tab title="List Policies" %}

```bash
aws iam list-policies
```

{% endtab %}
{% endtabs %}

{% tabs %}
{% tab title="Detach Policy" %}

```bash
aws iam detach-group-policy --group-name Platform9 --policy-arn $POLICYARN
```

{% endtab %}
{% endtabs %}

{% tabs %}
{% tab title="Delete Policy" %}

```bash
aws iam delete-policy --policy-arn $POLICYARN
```

{% endtab %}
{% endtabs %}

### Group Cleanup

{% tabs %}
{% tab title="Remove User From Group" %}

```bash
aws iam remove-user-from-group --group-name Platform9 --user-name Platform9
```

{% endtab %}
{% endtabs %}

{% tabs %}
{% tab title="Delete Group" %}

```bash
aws iam delete-group --group-name Platform9
```

{% endtab %}
{% endtabs %}

### User Cleanup

{% tabs %}
{% tab title="List Access Keys for User" %}

```bash
aws iam list-access-keys --user-name Platform9  # note the AccessKeyId
```

{% endtab %}
{% endtabs %}

{% tabs %}
{% tab title="Delete Access Key" %}

```bash
aws iam delete-access-key --access-key-id $ACCESSKEYID --user-name Platform9
```

{% endtab %}
{% endtabs %}

{% tabs %}
{% tab title="Delete User" %}

```bash
aws iam delete-user --user-name Platform9
```

{% endtab %}
{% endtabs %}
