From 821fe3147e4e418385c411fdb8a385fb936495e5 Mon Sep 17 00:00:00 2001
From: Benjamin Moody <benjaminmoody@gmail.com>
Date: Fri, 27 Sep 2024 13:06:50 -0400
Subject: [PATCH] edit_cloud: add links to instructions for using AWS CLI.

We need to tell people that they need to be using an IAM user.

We also need to tell them explicitly to enable "S3 full access": if
your user doesn't have an IAM user policy that says they can access
S3, then that user cannot access S3 resources in other AWS accounts,
regardless of those resources' policies.  (This is weird and
surprising, because you can access S3 resources in your own account in
that case; it's also weird and surprising that the default IAM user is
forbidden from doing things that anonymous users are allowed to do.)
---
 .../user/templates/user/edit_cloud.html       | 50 ++++++++++++++++++-
 1 file changed, 48 insertions(+), 2 deletions(-)

diff --git a/physionet-django/user/templates/user/edit_cloud.html b/physionet-django/user/templates/user/edit_cloud.html
index 7a4f48a027..201275b1b6 100644
--- a/physionet-django/user/templates/user/edit_cloud.html
+++ b/physionet-django/user/templates/user/edit_cloud.html
@@ -27,6 +27,27 @@ <h2 id="aws">Amazon Web Services</h2>
   <form action="" method="post">
     {% csrf_token %}
     {% if user.cloud_information.aws_verification_datetime %}
+      <hr>
+      <p>
+        To access {{ SITE_NAME }} resources via Amazon Web Services:
+      </p>
+      <ol>
+        <li>
+          <a href="https://aws.amazon.com/cli/"
+             target="_blank">
+            Install the <abbr title="Amazon Web Services">AWS</abbr>
+            Command Line Interface.
+          </a>
+        </li>
+        <li>
+          <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-authentication-user.html"
+             target="_blank">
+            Configure the <abbr title="Amazon Web Services">AWS</abbr>
+            Command Line Interface to use the identity shown below.
+          </a>
+        </li>
+      </ol>
+
       <div class="card">
         <ul class="list-group list-group-flush">
           <li class="list-group-item">
@@ -72,10 +93,35 @@ <h5 class="modal-title" id="delete-aws-modal-title">Remove <abbr title="Amazon W
       {# modal end #}
     {% else %}
       <hr>
-      <p>To link your Amazon Web Services account using the
-        <a href="https://aws.amazon.com/cli/"><abbr title="Amazon Web Services">AWS</abbr> Command Line Interface</a>:
+      <p>
+        To access {{ SITE_NAME }} resources via Amazon Web Services:
       </p>
       <ol>
+        <li>
+          <a href="https://aws.amazon.com/resources/create-account/"
+             target="_blank">
+            Create an Amazon Web Services account.
+          </a>
+        </li>
+        <li>
+          <a href="https://aws.amazon.com/cli/"
+             target="_blank">
+            Install the <abbr title="Amazon Web Services">AWS</abbr>
+            Command Line Interface.
+          </a>
+        </li>
+        <li>
+          <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-authentication-user.html"
+             target="_blank">
+            Configure the <abbr title="Amazon Web Services">AWS</abbr>
+            Command Line Interface to use
+            <abbr title="Identity and Access Management">IAM</abbr> user credentials.
+          </a>
+          <br>
+          <strong>Note:</strong> when selecting &ldquo;Permission
+          options&rdquo; for the user, you must enable
+          the <code>AmazonS3FullAccess</code> policy.
+        </li>
         <li>
           Open a terminal and run the following command:
           <pre><code>aws sts get-caller-identity</code></pre>