Amazon Web Services

Amazon Web Services (AWS) is a giant in the cloud computing world, offering a vast array of services, unmatched scalability, and incredible reliability. From startups to global enterprises, many rely on AWS to power their applications.

So, where does Daestro fit in?

While AWS is powerful, managing its resources directly can sometimes be complex. Daestro acts as your mission control center, simplifying the entire process.

Simplicity: We provide a clean, simple interface to launch and manage AWS servers (known as EC2 instances) without you needing to be an AWS expert.
Multi-Cloud Ready: If you use other providers like DigitalOcean or Linode, Daestro gives you a single place to manage jobs across all of them, including AWS.
Focus on Your Work: Spend less time configuring infrastructure and more time on what matters—your jobs and applications.

Let’s get your AWS account connected!

Step 1: Create an Access Key in Your AWS Account

To allow Daestro to manage resources on your behalf, you need to create a special user with specific permissions in your AWS account. This ensures Daestro has only the access it needs and nothing more.

Log in to your AWS Console.
Navigate to the IAM (Identity and Access Management) service. You can find it by typing IAM in the main search bar.
In the IAM dashboard, click on Users in the left-hand menu and then click the Create user button.
Set user details:
- Give your user a descriptive name, like daestro-integration-user.
- Do not check the box for “Provide user access to the AWS Management Console”. This user is for programmatic access only.
- Click Next.
Set permissions:
- Select Attach policies directly.
- For most users, the simplest policy is AmazonEC2FullAccess. In the search box, type this and check the box next to it.
- Click Next.

Advanced: Creating a Custom IAM Policy (Recommended)

For enhanced security, you can create a custom policy that grants Daestro only the minimum permissions required to operate within a specific region.

On the Set permissions page, select Create policy. This will open a new tab.
Click on the JSON tab.

Delete the existing content and paste the following JSON code. Remember to replace "us-east-1" with the AWS region you intend to use.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DaestroCorePermissions",
      "Effect": "Allow",
      "Action": [
        "ec2:RunInstances",
        "ec2:TerminateInstances",
        "ec2:CreateTags",
        "ec2:DescribeInstances",
        "ec2:DescribeInstanceStatus",
        "ec2:DescribeRegions",
        "ec2:DescribeInstanceTypes",
        "ec2:CreateVolume",
        "ec2:DeleteVolume",
        "ec2:AttachVolume",
        "ec2:DetachVolume",
        "ec2:DescribeVolumes",
        "ec2:CreateNetworkInterface",
        "ec2:DeleteNetworkInterface",
        "ec2:DescribeNetworkInterfaces"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "ec2:Region": "us-east-1"
        }
      }
    }
  ]
}

Click Next: Tags, then Next: Review.
Give the policy a name, like Daestro-EC2-Restricted-Policy, and click Create policy.
Close this tab and return to the IAM user creation tab. Click the refresh button and search for the policy you just created. Check the box next to it.

Important: If you use a custom region-locked policy, remember that when you create Compute Environments in Daestro, you must select the region your policy is authorized for. Otherwise, your jobs will fail.

Review and Create: On the final screen, review the details and click Create user.
Save Your Credentials: You will now be taken to a page showing the Access key ID and a Secret access key. This is the only time you will see the secret key.
- Click Show under Secret access key.
- Copy both the Access key ID and the Secret access key and store them in a secure place. You’ll need them for the next step.

Step 2: Add Your AWS Credentials to Daestro

Now that you have your access keys from AWS, let’s add them to Daestro.

Log in to your Daestro Console.
Navigate to the Cloud Auth section from the main menu.
Click Add New and select AWS from the list of providers.
Fill in the form:
- Cloud Auth Name: Give this connection a memorable name, like My AWS Account.
- Access Key ID: Paste the Access key ID you copied from AWS.
- Secret Access Key: Paste the Secret access key you copied from AWS.

🔒 Your Security is Our Priority The credentials you save in Daestro are always encrypted using industry-standard AES-256 encryption when stored (“at rest”) and are protected by TLS encryption during transmission (“in transit”).

Click Save.

Congratulations! You’ve successfully and securely linked your AWS account to Daestro.

Step 3: Create Your First AWS Compute Environment

A “Compute Environment” in Daestro is the virtual server where your jobs will actually run. Let’s create one using the AWS connection you just set up.

In the Daestro Console, navigate to the Compute Environment section.
Click Create New.
Configure your server:
- Name: Give your environment a descriptive name, like aws-us-east-prod.
- Cloud Auth: Select the AWS credential you just created (e.g., My AWS Account).
- Instance Type: Choose the size of the server. This determines the CPU, RAM, and cost. For testing, a small instance like t2.micro or t3.micro is a good, low-cost starting point.
- Location: Select the AWS region where you want to launch your server (e.g., us-east-1, eu-west-2).
- Storage (GB): Specify the size of the server’s hard drive (EBS volume) in gigabytes.
- Assign Public IPv4: Check this box if your job needs to be accessible from the public internet. Note: AWS now charges for public IPv4 addresses, so only enable this if necessary to control costs.
Click Create.

Daestro will now provision a new EC2 instance in your AWS account with the specifications you provided. Once the status shows as “Ready,” you can start assigning jobs to it.

Table of Contents

Step 1: Create an Access Key in Your AWS Account

Step 2: Add Your AWS Credentials to Daestro

Step 3: Create Your First AWS Compute Environment