Client AWS Account
It is advised not to tamper test nodes during execution.
Requirements from client
- AWS account id (12 digit number)
- API access key ID
- API access key secret
AWS account should have two policies attached:
AmazonEC2FullAccessAmazonS3FullAccess
The account should have Hong Kong region enabled, otherwise Loadero will not
be able to use that account.
Each of these requirements is necessary for node setup in the client's environment. Since we need to prepare media files and dependencies, that take up a lot of space, it is unreasonable to create launcher scripts that would prepare all this environment for each new test run.
Security concerns
Handing out API access key ID and secret may seem like a direct security hole. But all of this is necessary for us to launch tests on the client's AWS.
For additional security, a new IAM user should be created for the sole purpose of running Loadero tests. This user will not have access to any nodes launched from other users and environments, thus limiting any possible out of scope actions for Loadero. Also, having a separate IAM role will allow the main user to control billing and running nodes that are launched by Loadero account.