edit_cloud: add links to instructions for using AWS CLI.

We need to tell people that they need to be using an IAM user. We also need to tell them explicitly to enable "S3 full access": if your user doesn't have an IAM user policy that says they can access S3, then that user cannot access S3 resources in other AWS accounts, regardless of those resources' policies. (This is weird and surprising, because you can access S3 resources in your own account in that case; it's also weird and surprising that the default IAM user is forbidden from doing things that anonymous users are allowed to do.)
MIT-LCP · Sep 27, 2024 · 821fe31 · 821fe31
1 parent a276764
commit 821fe31
Showing 1 changed file with 48 additions and 2 deletions.
diff --git a/physionet-django/user/templates/user/edit_cloud.html b/physionet-django/user/templates/user/edit_cloud.html
@@ -27,6 +27,27 @@ <h2 id="aws">Amazon Web Services</h2>
   <form action="" method="post">
     {% csrf_token %}
     {% if user.cloud_information.aws_verification_datetime %}
+      <hr>
+      <p>
+        To access {{ SITE_NAME }} resources via Amazon Web Services:
+      </p>
+      <ol>
+        <li>
+          <a href="https://aws.amazon.com/cli/"
+             target="_blank">
+            Install the <abbr title="Amazon Web Services">AWS</abbr>
+            Command Line Interface.
+          </a>
+        </li>
+        <li>
+          <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-authentication-user.html"
+             target="_blank">
+            Configure the <abbr title="Amazon Web Services">AWS</abbr>
+            Command Line Interface to use the identity shown below.
+          </a>
+        </li>
+      </ol>
+
       <div class="card">
         <ul class="list-group list-group-flush">
           <li class="list-group-item">
@@ -72,10 +93,35 @@ <h5 class="modal-title" id="delete-aws-modal-title">Remove <abbr title="Amazon W
       {# modal end #}
     {% else %}
       <hr>
-      <p>To link your Amazon Web Services account using the
-        <a href="https://aws.amazon.com/cli/"><abbr title="Amazon Web Services">AWS</abbr> Command Line Interface</a>:
+      <p>
+        To access {{ SITE_NAME }} resources via Amazon Web Services:
       </p>
       <ol>
+        <li>
+          <a href="https://aws.amazon.com/resources/create-account/"
+             target="_blank">
+            Create an Amazon Web Services account.
+          </a>
+        </li>
+        <li>
+          <a href="https://aws.amazon.com/cli/"
+             target="_blank">
+            Install the <abbr title="Amazon Web Services">AWS</abbr>
+            Command Line Interface.
+          </a>
+        </li>
+        <li>
+          <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-authentication-user.html"
+             target="_blank">
+            Configure the <abbr title="Amazon Web Services">AWS</abbr>
+            Command Line Interface to use
+            <abbr title="Identity and Access Management">IAM</abbr> user credentials.
+          </a>
+          <br>
+          <strong>Note:</strong> when selecting &ldquo;Permission
+          options&rdquo; for the user, you must enable
+          the <code>AmazonS3FullAccess</code> policy.
+        </li>
         <li>
           Open a terminal and run the following command:
           <pre><code>aws sts get-caller-identity</code></pre>