AWS
A required cloud provider where infrastructure can be deployed.
One of the first steps to be taken once Forge is configured is to connect either an AWS or DigitalOcean account. At least one cloud provider must be connected to use Forge, since it is required for deploying infrastructure.
AWS IAM Roles
If your Lodestar Forge deployment is running on an EC2 instance, you can use attached IAM roles to authenticate with AWS.
Recommended
Where possible, IAM roles should be the preferred method of authentication, since they eliminate the need for AWS Access Keys to be stored in the Forge database.
AWS Access Keys
Alternatively, the AWS integration supports an AWS Access Key ID and AWS Secret Access Key. Whilst this documentation does not cover how to create AWS Access Keys, you can find instructions on how to do so here.
Both the Access Key ID and Secret Access Key are encrypted and stored securely in the Forge database.
AWS User Permissions
It is recommended to create a dedicated AWS user following the principle of least privilege. The permissions assigned to the user will depend on the specific needs of your infrastructure, and we therefore cannot provide guidance on the exact permissions required.
Note
Taking the above into consideration, it is possible to connect multiple AWS accounts to Forge. Therefore, specific accounts with different permissions can be utilised for different purposes.
The only permission required by Forge is ec2:DescribeImages. This is needed for Forge to work correctly.
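One way to check a candidate policy for the dedicated user before attaching it, as an added example that is not part of the Forge documentation or code base. The sample policy is constructed, and the `ec2:RunInstances` / `ec2:TerminateInstances` actions in it are assumed stand-ins for whatever your infrastructure needs. The check reads only `Allow` statements with an `Action` key; it does not evaluate `Deny`, `NotAction` or conditions.

```python
import fnmatch
import json

REQUIRED_ACTION = "ec2:DescribeImages"  # the one permission the page says Forge needs

# Constructed sample policy for a dedicated Forge user (not from the Forge docs).
# The run/terminate actions are assumed examples of deployment permissions.
# ec2:DescribeImages does not support resource-level permissions, hence "*".
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "ec2:DescribeImages", "Resource": "*"},
    {"Effect": "Allow",
     "Action": ["ec2:RunInstances", "ec2:TerminateInstances"],
     "Resource": "*"}
  ]
}
""")


def _as_list(value):
    """IAM accepts a single string/object wherever a list is valid."""
    return value if isinstance(value, list) else [value]


def review_policy(policy):
    """Return (grants_required, findings) for an identity-based IAM policy."""
    grants_required = False
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements are out of scope for this check
        for action in _as_list(stmt.get("Action", [])):
            # IAM action names are case-insensitive and may use * and ? wildcards.
            if fnmatch.fnmatchcase(REQUIRED_ACTION.lower(), action.lower()):
                grants_required = True
            if "*" in action or "?" in action:
                findings.append(f"wildcard action {action!r} is broader than least privilege")
    return grants_required, findings


if __name__ == "__main__":
    ok, issues = review_policy(SAMPLE_POLICY)
    print("grants", REQUIRED_ACTION, "->", ok)
    for issue in issues:
        print("finding:", issue)
```
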
Add an AWS Integration
To add an AWS integration into Forge, simply follow the steps below.
- Select your account in the bottom left corner of the Forge dashboard.
- Click the "Settings" button.
- Select the "integrations" tab, then "Add Integration".
- Complete the form to add your AWS integration.
Note
You can test your AWS integration by clicking the "Test" button before saving.