Client AWS account

Loadero offers an option for clients to use their own AWS accounts to run test nodes. This allows for more control over node billing and management.

It is advised not to tamper test nodes during execution.

Requirements from client

  • AWS account id (12 digit number)

  • API access key ID

  • API access key secret

AWS account should have two policies attached:

  • AmazonEC2FullAccess

  • AmazonS3FullAccess

The account should have Hong Kong region enabled, otherwise Loadero will not be able to use that account.

Each of these requirements is necessary for node setup in the client's environment. Since we need to prepare media files and dependencies, that take up a lot of space, it is unreasonable to create launcher scripts that would prepare all this environment for each new test run.

Security concerns

Handing out API access key ID and secret may seem like a direct security hole. But all of this is necessary for us to launch tests on the client's AWS.

For additional security, a new IAM user should be created for the sole purpose of running Loadero tests. This user will not have access to any nodes launched from other users and environments, thus limiting any possible out of scope actions for Loadero. Also, having a separate IAM role will allow the main user to control billing and running nodes that are launched by Loadero account.