@@ -8,7 +8,8 @@ If you do not have an Amazon Web Services (AWS) account yet, first sign up as de
## AWS Setup for BCD
In order to use Amazon EC2 instances, some configuration steps need to be performed as a prerequisite.
The following steps are required to set up AWS credentials for Ansible automation.
The following steps are the basic requirements to set up AWS credentials for Ansible automation.
Further configuration instructions for **AWS SIngle Sign-On** can be found [on this page](aws_sso.md).
1.[Create an IAM Policy](http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html) to grant full access to Amazon EC2 on a specific region (eg. us-west-2)
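Review bot: the added line pointing to aws_sso.md spells the product name "AWS SIngle Sign-On" with a capital I; it should read "AWS Single Sign-On". The same line also lands between "The following steps are the basic requirements..." and the numbered list that sentence introduces, so the lead-in no longer sits next to step 1; consider moving the SSO pointer above that sentence or after the list. It would also help to state whether the SSO setup replaces or supplements the IAM policy steps, since the reworded sentence only says they are "basic".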
In this step we will provide you an example using G Suite from Google.
First, set up a Single Sign-On to AWS using G Suite as described in [AWS website](https://aws.amazon.com/es/blogs/security/how-to-set-up-federated-single-sign-on-to-aws-using-google-apps/).
The BCD Controller already embeds [aws-google-auth](https://github.com/cevoaustralia/aws-google-auth) to manage the authentication.
You will need to know Google's assigned Identity Provider ID (idp-id) and the ID assigned to the SAML service provider (sp-id).
`idp-id` can be found on Google Admin `Security > Set up single sign-on (SSO)` page in the SSO url provided. For instance: `https://accounts.google.com/o/saml2/idp?idpid=123456789012`
`sp-id` can be found into the URL of your browser when viewing Google Admin `Apps > SAML Apps > Amazon Web Services` page. For instance: `#AppDetails:service=123456789012`
After launching the BCD Controller you will have to authenticate yourself as below:
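Review bot: the `idp-id` and `sp-id` examples both use the same placeholder value `123456789012`, which reads as if the two IDs were identical and also has the shape of a 12-digit AWS account ID; use two visibly different placeholders so readers do not copy one value into both settings. The AWS blog link is pinned to the `/es/` locale path, so a locale-neutral URL would be better for English documentation. Minor wording: "found into the URL" should be "found in the URL", and the opening "In this step" has no heading or step number to refer to.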