AWS integration

Link an AWS account with access keys so dFlow can manage EC2 and related resources where the product supports it.

Written By Zoro

Last updated 3 days ago

Linking AWS

Linking AWS lets dFlow use your account for workflows that provision or manage EC2 (and related) resources from the dashboard. Exact capabilities follow the product UI; treat this guide as the credential and permission baseline.

Cloud provider accounts in general (naming, rotation, scope) are described in Cloud provider accounts. Network rules for instances are separate; see Security groups and, for Worker Nodes, SSH keys, both under Security and Team Management in the sidebar.

Before you start

  • An AWS account where you may create IAM users or roles and access keys.
  • Understanding that long-lived access keys are sensitive; prefer rotation and least privilege. See Integration permissions and prerequisites.
  • Roles and permissions under Security and Team Management in the sidebar in dFlow: only trusted Organisation members should add cloud credentials.

1. Create an IAM identity for dFlow

Use a dedicated IAM user (or automation principal your org allows) rather than root account keys.

  1. AWS IAM → Users → Create user.
  2. Attach policies that allow EC2 management tasks dFlow performs. A common starting point for full EC2 lifecycle in test environments is AmazonEC2FullAccess, but your security team may require a custom policy with narrower API actions and resource ARNs.

Work with your cloud admin to align with your Organisation's least-privilege standard. If the UI lists specific required actions, mirror those in IAM.

  3. Open the user → Security credentials → Create access key.
  4. Choose use case Other (or Application running outside AWS), confirm, optionally set a description.
  5. Copy Access key ID and Secret access key once.
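
Before attaching a policy to the dFlow user in step 2, it helps to review the policy document for grants broader than EC2 management needs. The following is an added example, not part of the dFlow documentation: both sample policies are constructed, the action list and the eu-west-1 region are assumptions rather than dFlow's required permissions, and `review_policy` with its finding names is a hypothetical helper.

```python
import json

# Constructed sample policies; the action lists are assumptions, not dFlow's requirements.
BROAD = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
  {"Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"}]}""")
NARROW = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow",
   "Action": ["ec2:DescribeInstances", "ec2:RunInstances", "ec2:TerminateInstances"],
   "Resource": "*",
   "Condition": {"StringEquals": {"aws:RequestedRegion": "eu-west-1"}}}]}""")


def as_list(value):
    """IAM allows a single string or object wherever a list is accepted."""
    return value if isinstance(value, list) else [value]


def review_policy(policy, allowed_services=("ec2",)):
    """Return (statement_index, finding) pairs for grants a reviewer should question."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "NotAction" in stmt:
            findings.append((i, "notaction-allow"))  # allows everything not listed
        for action in as_list(stmt.get("Action", [])):
            service, _, name = action.partition(":")
            if action == "*" or "*" in name:
                findings.append((i, "wildcard-action"))
            if action != "*" and service.lower() not in allowed_services:
                findings.append((i, "service-out-of-scope"))
        # Resource "*" is flagged only when no Condition (region, tag, ...) narrows it.
        if "*" in as_list(stmt.get("Resource", [])) and not stmt.get("Condition"):
            findings.append((i, "unscoped-resource"))
    return findings


if __name__ == "__main__":
    for label, doc in (("broad", BROAD), ("narrow", NARROW)):
        print(label, review_policy(doc))
```

An empty result means none of these four patterns matched; it does not prove the policy is minimal for the flows you use.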

2. Connect AWS in dFlow

  1. Open Integrations.
  2. On the AWS card, open Settings → Connect account (labels may vary slightly).
  3. Enter a name for this account (for example production-ec2).
  4. Paste Access key ID and Secret access key.
  5. Save.

Expected outcome: The account shows as connected and AWS-backed flows in the UI (for example adding an AWS Worker Node or managed resource) can proceed.

3. Verify and operate safely

  • Rotate keys on a schedule and after personnel changes. Update the integration in dFlow with the new pair; delete old keys in IAM.
  • Do not commit keys to Git or Service variables without secret() patterns; prefer the integration store. See Service settings under Services in the sidebar and Security best practices under Security and Team Management in the sidebar.
  • Region and VPC choices happen in the AWS flows the product opens after the account links; keep Security groups aligned with required ports for dFlow and your apps.

Permission errors

| Symptom | What to check |
| --- | --- |
| Access denied on EC2 APIs | IAM policy missing actions or constrained to wrong region or resource ARN. |
| Invalid security token or signature | Wrong secret, clock skew (rare), or key deactivated. |
| Account connects but provisioning fails | Service quotas, Security group rules, or subnet routing; see Compute and worker node issues under Troubleshooting in the sidebar. |
