Amazon cloud assistant applet is coming!

Service alarm , If you don't pay attention, your previous work will be abandoned ？

On the way to work , It's not easy to free your hands ？

Travel vacation , Don't want to bind with the computer ？

Amazon cloud assistant applet , Save your perfect vacation ！

Whenever and wherever possible , Easily manage Amazon cloud resources ~

You can implement it through the cloud assistant applet ：

1、 Password free login

Bind wechat and IAM Role in the future , You can log in to Amazon cloud computing account without password in wechat applet . Your login process will be handled by Amazon Cognito be responsible for , There is no hidden danger of password leakage .

2、 Track service fees

Check your... In Ningxia at any time （cn-northwest-1） Cost details of .

3、 Receive alarms

receive Amazon CloudWatch Service alarm information sent .

4、 Tracking status

Track customer support cases （support case） state .

Come and login to Amazon cloud assistant with wechat one click , Unlock “ cloud ” Manage new poses ！

Please follow the following steps to complete the joint login settings , There is no need to repeat the settings .

For details, click the video below or read the pictures and texts to operate ~

* Click full screen mode to view clear content

One 、 Create Amazon cloud assistant

Authority strategy （Policy）

First , IT The administrator needs to create a permission policy , To give Amazon cloud assistant access to the enterprise IAM Account （IAM Account） Under the permission of Amazon cloud technology cloud service . This operation is for each IAM Account It only needs to be executed once , If your IAM Account You have the permission policy required by Amazon cloud assistant , Please skip this step . But if your enterprise wants to subdivide management permissions , You can also create multiple policies .

1. Enter the policy management interface （ Please copy the link to the browser to visit ）

https://console.amazonaws.cn/iamv2/home#/policies

2. Click create policy （Create Policy）

3. Click on the label JSON, Use the predefined permission policy of Amazon cloud assistant to overwrite the original content . The predefined policy includes all the permissions required by Amazon cloud assistant ,IT Administrators can modify this policy to further restrict the permissions of wechat users . for example ： Delete "ce:GetCostAndUsage" and "ce:GetCostForecast" after , Wechat users will not be able to query the expense report .

{
    "Version":"2012-10-17",
    "Statement": [
        {
        "Sid": "VisualEditor0",
        "Effect": "Allow",
        "Action": [
           "support:DescribeCommunications",
           "support:AddCommunicationToCase",
            "support:ResolveCase",
            "support:DescribeCases",
           "cloudwatch:DescribeAlarms",
            "ce:GetCostAndUsage",
           "cloudwatch:GetMetricStatistics",
            "ce:GetCostForecast"
            ],
        "Resource": "*"
        }
    ]
}

* Slide left to see more

4. Click next ： label （Next: Tags）

5. Click next ： to examine （Next: Review)

6. In the name （Name） Column , For new Policy Give a name , Click create policy （Create Policy）. On this page, you can see the permissions that Amazon cloud assistant will be given

Two 、 Create Amazon cloud assistant

 IAM role （IAM Role）

establish IAM After the strategy ,IT The administrator also needs to create a widget for Amazon cloud assistant IAM Role. This operation is for each IAM Account It only needs to be executed once , If your IAM Account You already have what Amazon cloud assistant needs IAM Role, Please skip this step . But if your business has more than 50 Amazon cloud assistant users , You need to create multiple IAM Role.

1. Get into IAM Role Management interface （ Please copy the link to the browser to visit ）

https://console.amazonaws.cn/iamv2/home#/roles

2. Click create character （Create Role）

3. Select the trusted entity type （Trust entity type） Customize the trust policy （Custom trust policy）, And use the predefined trust policy of Amazon cloud assistant in the text box to overwrite the original content . Amazon cloud assistant uses Amazon Cognito Identity services provided , The identity pool information is shown below ：

• Identity Provider URL: cognito-identity.amazonaws.com

• Identity Pool ID: cn-north-1:72977485-3f04-4b8c-b719-3a119663812e

  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Principal": {
          "Federated":"cognito-identity.amazonaws.com"
        },
        "Action":"sts:AssumeRoleWithWebIdentity",
        "Condition": {
          "StringEquals": {
           "cognito-identity.amazonaws.com:aud": "cn-north-1:72977485-3f04-4b8c-b719-3a119663812e"
          },
          "ForAnyValue:StringEquals": {
           "cognito-identity.amazonaws.com:amr": "WeChat"
          },
          "ForAnyValue:StringLike": {
           "cognito-identity.amazonaws.com:amr": [
            ]
          }
        }
      }
    ]
  }

* Slide left to see more

4. Click next （Next）, Enter the add permission page （Add permissions）

5. Select the permission policy just generated , Click next （Next）

6. In the role name column （Role name） in , Give the character a name , Click create character （Create role）

7. （ Optional ） Record IAM Role ARN

a. Get into IAM Role Management interface （ Please copy the link to the browser to visit ）
https://console.amazonaws.cn/iamv2/home#/roles

b. Click the role just created , Get into IAM Role Details page

c. take IAM Role and IAM Role ARN Record in the internal system , You need it to bind wechat users in the future

3、 ... and 、 Bind wechat users

We need wechat users and IT The common operation of administrators to bind wechat users and IAM Role.

1. Wechat users get the joint login user code

a. On the user login page of Amazon cloud assistant applet , Click below “ Log in to other Amazon cloud users ”, Enter the setup joint login page

b. Record the joint login user code . The joint login user code is generated by Amazon cloud assistant for you 8 Bit uppercase string

c. Send your co login user code , Apply for management IAM The account and administrative authority are sent to IT The administrator applies for binding

2. IT The administrator binds wechat users

a. Obtain the corresponding information in the enterprise information system according to the user's Application IAM Role

b. Get into IAM Role Management interface （ Please copy the link to the browser to visit ）

https://console.amazonaws.cn/iamv2/home#/roles

c. Click and IAM Role ARN Corresponding IAM Role, Enter the role details page

d. Click trust relationship （Trust relationships） TAB , Click Edit trust policy （Edit trust policy）

e. Add the joint login code of wechat users to "cognito-identity.amazonaws.com:amr" Field , When entering the joint login code , Please note that “*:”. In the following example , We have bound two wechat users , Their joint login codes are "ABCDEFGH" and "AABBCCDD". Be careful ： every last IAM Role Can bind up to 50 Wechat users , If your enterprise has more than 50 Amazon cloud assistant applet users , You need to create multiple IAM Role

{

    "Version":"2012-10-17",

    "Statement": [

        {

            "Effect":"Allow",

            "Principal": {

                "Federated":"cognito-identity.amazonaws.com"

            },

            "Action":"sts:AssumeRoleWithWebIdentity",

            "Condition": {

                "StringEquals": {

                   "cognito-identity.amazonaws.com:aud":"cn-north-1:72977485-3f04-4b8c-b719-3a119663812e"

                },

               "ForAnyValue:StringEquals": {

                   "cognito-identity.amazonaws.com:amr": "WeChat"

                },

               "ForAnyValue:StringLike": {

                   "cognito-identity.amazonaws.com:amr": [

                       "*:ABCDEFGH",

                       "*:AABBCCDD"

                   ]

                }

            }

        }

    ]

}

* Slide left to see more

f. Click Update Strategy （Update policy）. to update IAM Role after , The system needs about 1 Minutes to synchronize data , After that, wechat users can log in to Amazon cloud assistant applet

g. Record wechat users in the internal system , Joint login user code and IAM Role Binding relationship of . You need to use this information when unbinding users in the future

h. take IAM Role ARN Send to user

3. Wechat user input IAM Role ARN

a. On the user login page of Amazon cloud assistant applet , Click below “ Log in to other Amazon cloud users ”, Enter the setup joint login page

b. Click below “ Federated login has been set ”, Enter fill ARN Information page

c. Fill in IT The administrator sent you IAM Role ARN

d. After Amazon cloud assistant prompts that the binding is successful , Wechat users can use Amazon cloud assistant

Identify the applet code below ,  Get into Amazon cloud assistant Applet , Wonderful content one key unlock ~

Simple operation , Infinite convenience ~ Come together “ cloud ” management ！

We will also continue to enrich the functions of applets in the future , Please continue to follow Amazon cloud developer official account for the latest information .

hear , Click below 4 Button

You won't encounter bug 了 ！