Set up AWS IAM user

Use this method for testing environments or when IAM roles aren't supported. Access keys are long-lived credentials that require manual rotation.

Use cases

Testing and development environments
AWS configurations that don't support cross-account role assumption
Simplified authentication workflows

Prudence

Access keys are long-lived credentials. Rotate them regularly (every 90 days) and limit permissions to only what your workflows need.

Prerequisites

Before creating an IAM user, ensure you have:

An AWS account with permission to create IAM users
Your New Relic account ID
Admin access to the AWS IAM Console

Set up the IAM user

Create the IAM user

Sign in to the AWS IAM Console
Navigate to Users > Create user and enter a username: workflow-automation-user (or your preferred name)
Click Next
On the Set permissions page, choose Attach policies directly
Search for and select policies based on your workflows:
- For SQS: Select AmazonSQSFullAccess
- For EC2: Select AmazonEC2ReadOnlyAccess
- Or create a custom policy with limited permissions (recommended)
Click Next, then Create user

Generate access keys

In the users list, select your newly created user
Click the Security credentials tab
In the Access keys section, choose Create access key
Select Application running outside AWS and click Next
(Optional) Add a description tag: New Relic workflow automation
Choose Create access key
Copy both credentials immediately:
- Access key ID (starts with AKIA...)
- Secret access key (shown only once)
Important
AWS displays the secret access key only once during creation. If you don't save it, you'll need to generate a new key pair.

Store credentials securely

Never hardcode AWS credentials in workflows. Store them in New Relic's secrets manager instead.

Open the NerdGraph GraphiQL explorer
Run this mutation to store your Access Key ID (replace the placeholder values):

mutation {
    secretsManagementCreateSecret(
      scope: {type: ACCOUNT id: "YOUR_NR_ACCOUNT_ID"}
      namespace: "aws"
      key: "awsAccessKeyId"
      description: "AWS Access Key ID for workflow automation"
      value: "YOUR_AWS_ACCESS_KEY_ID"
    ) {
      key
    }
  }

Run another mutation for your Secret Access Key:

mutation {
    secretsManagementCreateSecret(
      scope: {type: ACCOUNT id: "YOUR_NR_ACCOUNT_ID"}
      namespace: "aws"
      key: "awsSecretAccessKey"
      description: "AWS Secret Access Key for workflow automation"
      value: "YOUR_AWS_SECRET_ACCESS_KEY"
    ) {
      key
    }
  }

Reference these secrets in workflows using the syntax: ${{ :secrets:awsAccessKeyId }}

Conseil

Use the namespace field to organize secrets by environment (aws-prod, aws-staging) or team name.

AWS credentials overview

Compare authentication methods and choose the right one

AWS policy examples

Complete IAM policies for EC2, SQS, DynamoDB, and more

AWS actions

Browse EC2, Lambda, S3, SQS, and other AWS actions

Workflow best practices

Security best practices for credentials and secrets

Use cases.css-21sua1{background:none;border:none;width:0;padding:0;}