To configure my Terraform to use my IBM cloud I need to generate an API key and Classic infrastructure key. This gives the error "API key could not be created".
What settings needs to be changed in order for this to work?
Your cloud administrator needs to add the IAM Identity Service - Service ID creator rights
Related
Can I use the IBM IAM console to create a new ServiceID with an api key, for the purpose of accessing an IBM Cloudant instance?
Yes you can!
The IBM IAM service allows you to create a ServiceID, which is a machine-usable 'persona'. Then you can create an API key for it and give it permissions to access one or more IBM services, like Cloudant.
Start at https://cloud.ibm.com/iam and then:
Create a new ServiceID
Under Access Policies, click Assign Access. Here you can choose the service that you want to access and what roles you want to authorise (e.g. Reader, Writer, etc). Here you can assign more than one service to the same ServiceID.
Under API Keys, choose Create. This will create an API key which you can download.
Now you can use the API key in your application and you should be able to access your service.
Individual IBM services normally offer their own access mechanisms. But the advantage of this method is that you can use the same API key to access multiple services (e.g. Cloudant, Cloud Object Storage) from your application.
I'm trying to configure Atlas with Customer Key Management
which seems fairly straightforward. However, if I create a new service principal/app registration in Azure to connect Mongo Atlas to my Azure key vault I get Invalid Azure Credentials as an error.
I create the service principal following this guide without any redirect URI. I tried all different account types but none worked for me. After creation, I create a new client secret and use it in the 'Secret'-field inside the Mongo Atlas UI.
What am I doing wrong?
I forgot to add the service principal as a Key Vault Reader to the subscription that holds the key vault.
Relevant documentation: https://www.mongodb.com/docs/atlas/security-azure-kms/#prerequisites
I have an existing instance of Db2 Warehouse on Cloud which is deployed to an org and space. Now, I would like to bind that service to an app for deployment with IBM Cloud Code Engine.
ibmcloud ce application bind --name henriks-app --service-instance myDb2
myDb2 does not exist as IAM resource because it is a CF resource. How would I bind the two together? It seems that I would need to create some form of custom wrapper.
The best way to manually connect services to your Code Engine application is to add service credentials to a Code Engine secret, and then attach that secret to your application using environment variables or volume mounting.
While you're correct that Db2 Warehouse isn't a typical IAM-Enabled service type, based on the IBM Cloud Db2 Warehouse docs, it's possible to create a client connection with Db2 Warehouse using an IAM Service ID & API Key.
Here's how I'd "bind" the Db2 instance to a Code Engine app:
Create a new service ID from the IAM Service IDs page
Under "Assign Access" > "Access service ID additional access" > "IAM Service", you'll find "Db2 Warehouse" as an option, and you can configure exact permissions from there (e.g. which instance(s) to grant permissions to, which roles, etc)
Finish the configuration by clicking "Assign access"
Using the CLI, log in to your account and generate a new API Key, e.g. ibmcloud iam service-api-key-create mydb2key SERVICE_ID_NAME --output JSON > mydb2.json where SERVICE_ID_NAME is the name of the service ID created in Step 1
Target your Code Engine project, then create a new secret using the API Key JSON, e.g. ibmcloud ce secret create --name mydb2 --from-file MYDB2=mydb2.json
Attach the secret to your application as an environment variable, e.g. ibmcloud ce app update --name myapp --env-from-secret mydb2
After the app update goes through, your application will have access to an environment variable named MYDB2, which will have the value of a JSON object string containing your API Key.
You'll find more information about creating secrets and using secrets with applications in the Code Engine docs.
I'm deploying via Delivery Pipeline on IBM Bluemix Cloud Foundry.
On logs I have this message:
WARNING: Deploying to Cloud Foundry without specifying an API KEY is DEPRECATED. Press the [CONFIGURE] button above to include an API KEY for this job.
What is API KEY and where I have to set it?
The API key can be set in the Deploy configuration, around the middle of the panel:
From the drop-down, select 'Add an existing API key' and then paste in a key.
(The key can be created on the command line using ibmcloud iam api-key-create MyKey -d "this is my API key" --file key_file if there isn't already one for the user whose identity the deploy should be done under.)
I'm having trouble connecting to the Bluemix Object Store using the instructions presented by this link: https://knowledgelayer.softlayer.com/procedure/connect-object-storage-using-sftp
It's unclear to me what the username and account ID are so I would appreciate it if someone can clarify
The instructions are valid
Where I can find the values for SLOS/IBMOS etc?
I do not have access to the Softlayer customer portal as this service as created in Bluemix.
I can confirm that an sftp server is listening at the appropriate region endpoint.
Brien, it is not possible to use SFTP to access the Bluemix Object Storage if you create it from the Services catalog area of the Bluemix UI:
https://console.ng.bluemix.net/catalog/services/object-storage
This one can be accessed via swift cli or REST API.
To use SFTP to access your Object Storage you need to create it from the Infrastructure are of the Bluemix UI - that is the legacy Softayer that is now integrated with Bluemix.
https://console.ng.bluemix.net/catalog/infrastructure/object_storage/
Also, to create the Object Storage from the Infrastructure catalog you need to first link your Bluemix and Softlayer accounts:
https://console.ng.bluemix.net/docs/admin/softlayerlink.html