Connecting your AWS account

Python Deploy requires access to you AWS account in order to create and configure all the resources that you need to run your Python application.

To access your account we use delegated access. This means that you do not have to give us the credentials to your account.

Creating the AWS Role

To grant us access follow these steps:

  1. Go to your AWS Identity and Access Management console.
  2. Click on Roles
  3. Select Create role.
  4. Choose Another AWS account.
  5. Put PythonDeploy's account number in "Account ID". It is very important that you use the correct number. You can verify our account number inside your PythonDeploy dashborad. It will be shown next to the field where you need to put the created AWS role ARN.
  6. Leave all other options unselected and click "Next: Permissions".
  7. In the "Attach permissions policies" section search for "AdministratorAccess" and select it.
  8. Click "Next: Review" (You can add tags if it helps you classify your Roles, but this is not required).
  9. Give this role a name that helps you remember who is using it. We recommend "PythonDeploy" or something similar, and click "Create role".

You will now be presented with the lists of roles that you have in your account. Click (open) the one you just created, and copy its "arn", it should look something like this:

  • "arn:aws:iam::000000000000:role/PythonDeploy"

Add this value when connecting your AWS account to PythonDeploy.

This will allow us to create temporary credentials that expire automatically.

Why AdministratorAccess

Python Deploy manages different resources across multiple AWS services, and the list will continue to grow with time. The most convinient way of ensuring that we can configure your environment is granting AdministratorAccess. If you want, it is possible to create a sub-account only for PythonDeploy, and that way we only have access to the resources that we create and manage for you.

Revoking access

If at some point you want to revoke access from PythonDeploy to your account, you only need to delete the Role. (We might still have access while the temporary credentials expire, but this will never be more than 1 hour.)

Something missing? → [email protected]