Skip to content

Setup

Jump to bottom
Brandon Willett edited this page Oct 24, 2020 · 2 revisions

Setup

These instructions are here if you need help creating the access keys for Cardi, which are essentially the "username and password" that let Cardi create and update resources directly in your personal AWS account. No middle-man necessary!

Introduction

The only thing Cardi needs to start keeping notes is a set of AWS access keys.

Don't worry if you haven't done this before -- assuming you have an AWS account and have used the service before, nothing here should be foreign or confusing.

These keys will be used to communicate with the AWS DynamoDB API, in order to create, update, and query snippets on your behalf. And because DynamoDB has a generous free tier (up to hundreds of millions of calls per month), you'd have to try very hard in order for this to not be free.

Note: AWS provides many cloud services in addition DynamoDB which have the potential to be extremely not free. Access keys created in AWS can have any set of permissions you choose, including permissions to create these expensive cloud resources.

Cardi is open-source, so you can verify that it will never attempt to create resources like this. Even so, overly-permissive access keys are just plain dangerous to have lying around, so please follow the instructions below to create limited access keys that only allow the AWS actions Cardi needs to perform.

Step by Step

  1. Go to aws.amazon.com/console, Amazon's cloud computing hub, and log in

  2. Type IAM (short for "Idenity and Access Management") into the "Find Services" box, and hit enter

  3. On the IAM home page, click Users in the sidebar, then Add User at the top of the screen

  4. Name the user cardi, check the Programmatic Access box, then continue

  5. Select the Attach existing policies directly tab

  6. Input DynamoDB into the search box, then select the preset AmazonDynamoDBFullAccess policy

  7. Click Next, then Next (we don't need any tags), then Create User

  8. You're done! Copy down the access key and secret key somewhere safe (like a password manager), then log into Cardi

Note: If you're familiar with AWS, you may check the policy from Step 6 and find that it gives a few more permissions than just RW to DynamoDB (for example, RW access to Lambda). If this bothers you, feel free to create a new policy, that only allows RW access to DynamoDB and nothing else, and attach that policy to the user instead -- everything will still work fine!

Clone this wiki locally