VoiceWorx.ai
Search…
SecretsManager Configuration on EC2

Objective

If you are configuring the VoiceWorx platform on the AWS environment (EC2 instance), this document will help you to configure Secrets Manager in your AWS account.

Introduction

The VoiceWorx application needs to use certain confidential information like credentials which are by default stored into web.config file, however Voiceworx gives an option to store them at a more secure place like AWS secrets manager and this document guides you to configure it.
This should be done before the VoiceWorx application is installed on the EC2 instance.

Pre-requisites

  1. 1.
    AWS Account with administrative access.
  2. 2.
    Remote access to the EC2 Instance (Microsoft Windows)

Steps

Create and assign IAM Role for the EC2 instance

The voiceworx application uses certain AWS resources and as a best practice, instead of using credentials, it’s recommended to assign required permission to the EC2 instance via an IAM role.

Create a policy with required permissions

Login to the AWS console and navigate to the Identity and Access Management (IAM) and choose Policies – as shown in the below screenshot.
Graphical user interface, application Description automatically generated
Once clicked, you will be on the Policies dashboard and should see an option/button to Create Policy – as shown in the below screenshot. Click on it.
Background pattern Description automatically generated
Now, you are on create policy interface. There should be two options, Visual Editor and JSON. Click on JSON and you should see an interface as shown below.
Graphical user interface, text, application, email Description automatically generated
In the JSON editor, copy and paste the following code.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:*",
"Resource": "*"
},
{
"Action": "elasticache:*",
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "iam:CreateServiceLinkedRole",
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/elasticache.amazonaws.com/AWSServiceRoleForElastiCache",
"Condition": {
"StringLike": {
"iam:AWSServiceName": "elasticache.amazonaws.com"
}
}
},
{
"Action": [
"secretsmanager:*",
"kms:*",
"lambda:ListFunctions",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"redshift:DescribeClusters",
"tag:GetResources"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"lambda:*"
],
"Effect": "Allow",
"Resource": "arn:aws:lambda:*:*:function:SecretsManager*"
},
{
"Action": [
"serverlessrepo:CreateCloudFormationChangeSet",
"serverlessrepo:GetApplication"
],
"Effect": "Allow",
"Resource": "arn:aws:serverlessrepo:*:*:applications/SecretsManager*"
}
]
}
Once entered, click on the Next button.
Graphical user interface, text, application, email Description automatically generated
Click on next until you see a Review policy screen as shown below.
Graphical user interface, text, application, email Description automatically generated
Enter the name and optional Description and click on Create Policy button and policy is ready to use.
Note that in this policy, we are giving permissions to the S3, ElastiCache and Secrets Manager. If you notice any additional service like Lambda, then it’s selected as it’s a dependant service and permission is required.

Create a Role

To create a role, navigate to the Identity and access Management (IAM) > Roles.
Graphical user interface, application Description automatically generated
Click on the create role button.
As shown in the below screenshot,
Select type of trusted entity = AWS Service.
Choose a use case = EC2.
And then click on Next button
Graphical user interface, application Description automatically generated
Once you click on next, you need to select a policy.
Search for the policy that you have already created in the previous step and select it.
Graphical user interface, text, application, email Description automatically generated
click on next till you get review screen.
Graphical user interface, text, application, email Description automatically generated
Enter the name and optional description and click on the Create role button and Role should get created.

Assign a Role to the EC2 instance

Go to the EC2 dashboard, select the EC2 instance that is going to run VoiceWorx platform and click on Actions menu > Security > Modify IAM Role as shown in the below screenshot.
Select the role that we have created in the previous step and click on the Save button
Click on save and the role should be assigned to the selected EC2 instance.

Configure Secrets Manager

Command line utility

Use command line utility called SmartOffice.Configuration.exe
C:\VoiceWorx> SmartOffice.Configuration.exe secrets us-east-1
Arguments:
First argument should be “secrets
This represents Secrets Manager to be configured
Second Argument should be a valid AWS Region. Secrets Manager will be configured in that region.
Help:
You can use help command
C:\VoiceWorx> SmartOffice.Configuration.exe help
This should show you information on how to use the utility.
Input JSON (secrets)
Below is a sample input json
{
"key1": "Value1",
"key2": "value2",
"CryptoEncryptionKey": "CryptoKey234345746d6c37b0a63",
"MongoDbCon": "mongodb://…...;authSource=admin",
"OktaDomain": "https://CustomerDomain.okta.com"
}
These key-value pairs will be created as part of the secret into the secrets manager.
Once done, you can see a Secret named VoiceWorx into the Secrets Manager Dashboard. Below is a screen shot for the reference.
Graphical user interface, text Description automatically generated
Logs
If you find any issue or think the utility did not work as expected, there might be something wrong like a permission issue.
The command line utility generates logs which may help for identifying and fixing the issue.
You should see a Logs folder in the same location of the exe. and individual logs files should be inside the Logs folder.
Congratulations!
You have successfully configured Secrets Manager for the VoiceWorx Application
Copy link
On this page
Objective
Introduction
Pre-requisites
Steps
Create and assign IAM Role for the EC2 instance
Configure Secrets Manager