CloudThinker Tutorial 2025: How to set up credentials for AWS

Connect AWS to CloudThinker in Minutes

Ready to transform your cloud operations with AI-powered automation? This tutorial shows you exactly how to connect your AWS account to CloudThinker's intelligent cloud management platform.

What You'll Learn

In this step-by-step guide, you'll discover how to:

• Create an IAM user with least-privilege permissions
• Generate AWS Access Key ID and Secret Access Key
• Configure your CloudThinker workspace with AWS credentials
• Verify the connection and ensure secure integration
• Follow security best practices for credential management

Watch the Tutorial

---

Step-by-Step Guide

Prefer reading? Follow the written instructions below.

Step 1: Create an IAM User in AWS

1. Sign in to the AWS Management Console
2. Navigate to IAM (Identity and Access Management)
3. Select Users from the left sidebar, then click Create user
4. Enter a descriptive username (e.g., cloudthinker-readonly)
5. Do not enable console access — CloudThinker only needs programmatic access

Step 2: Assign Least-Privilege Permissions

Attach a policy that grants CloudThinker read-only access to your infrastructure:

1. On the permissions page, select Attach policies directly
2. Search for and attach the ReadOnlyAccess managed policy
3. For tighter control, create a custom policy scoped to only the services you want CloudThinker to analyze (e.g., EC2, RDS, S3, CloudWatch, Cost Explorer)

Security tip: Always follow the principle of least privilege. Grant only the permissions CloudThinker needs — never use admin or root credentials.

Step 3: Generate Access Keys

1. After creating the user, navigate to the user's Security credentials tab
2. Under Access keys, click Create access key
3. Select Third-party service as the use case
4. Copy both the Access Key ID and Secret Access Key — you won't be able to view the secret key again

Important: Store these credentials securely. Never share them in plain text, commit them to version control, or expose them in client-side code.

Step 4: Configure CloudThinker

1. Log in to CloudThinker
2. Navigate to Settings > Cloud Connections
3. Click Add AWS Account
4. Paste your Access Key ID and Secret Access Key
5. Select the AWS regions you want CloudThinker to monitor
6. Click Verify & Connect

CloudThinker will validate the credentials and confirm which services are accessible.

Step 5: Verify the Connection

Once connected, CloudThinker will begin discovering your AWS resources. Within a few minutes, you should see:

• Your resource inventory populated in the dashboard
• Cost data flowing from AWS Cost Explorer
• Infrastructure metrics appearing in the monitoring views

If verification fails, double-check that the IAM user has the required permissions and that the access keys are entered correctly.

---

Security Best Practices

• Rotate credentials regularly — AWS recommends rotating access keys every 90 days
• Use IAM roles when possible — For production environments, consider using cross-account IAM roles instead of access keys for enhanced security
• Enable MFA on the AWS account that owns the IAM user
• Monitor key usage — Set up CloudTrail to audit API calls made with your credentials
• Never reuse credentials — Create a dedicated IAM user specifically for CloudThinker

---

What's Next?

With your AWS account connected, CloudThinker's AI agents can now:

• Analyze your infrastructure for cost optimization opportunities
• Monitor security posture and flag misconfigurations
• Run Well-Architected assessments across all six pillars
• Detect anomalies in spending and performance metrics

Explore CloudThinker's full capabilities or reach out to our team at biz@cloudthinker.io for help getting started.