Severalnines Blog
The automation and management blog for open source databases

Updated: how to configure access credentials in NinesControl

Posted in:

Once you have created an account on NinesControl, you need to configure NinesControl to access the cloud in which your databases will run. You need to define access credentials for your cloud account. In this blog post we’ll show you how to configure access to DigitalOcean, AWS and Google Compute Engine.


To configure NinesControl to access DigitalOcean, you first need to be logged into your DigitalOcean account. Next, go to the API section.

Once there, click on “Generate New Token” to create a new token for NinesControl. You will be asked to pick a name for the token and scopes - make sure both read and write are included. When you are ready, click “Generate Token”.

New token will be created - it takes a form of alphanumeric string which you can copy to your clipboard.

Next, go to your NinesControl account, go to Cloud Accounts -> DigitalOcean and add your token. Save credentials afterwards.

That’s it, now you can deploy MySQL and MongoDB clusters on DigitalOcean.

Amazon Web Services

To configure NinesControl to access AWS, you first need to create an IAM user. NinesControl will use IAM to deploy your databases on AWS. When you are logged into your AWS account, you can find the IAM section under “Services”.

Next, you need to click on “Users” to create a new user. Fill the name and create it.

After you create it, you can download your credentials for further use. You can also copy the Access Key ID and Secret Access Key. You’ll need them later in NinesControl.

After we create the user, we need to grant correct privileges.The user should appear in the list. If needed, you can always use filter box as shown below to find it.

Once you found the user, click on it. Go to the “Permissions” tab and click on “Attach Policy” button. (Note: This is not the only way to grant privileges - you can also create a group with the required permissions and then assign user to such group. We won’t cover this method in this blog)

A policy that we need to attach is called “AmazonEC2FullAccess”. You can find it on the list or use the filter field to show just that policy.

Once this is done, your user is ready to be used in NinesControl. Log in to NinesControl, go to Cloud Accounts and pick Amazon AWS as provider. You will have to fill in some data like name of the credentials as showed in NinesControl, region in which the cluster should be deployed and, finally, credentials themselves - Access Key and Secret Key for your IAM.

When you accomplish this, you should be able to deploy your databases on Amazon Web Services. Deployment will be covered in a separate blog post, for now we’d like to add that, at the first deployment, you will have to create new VPC and subnet by clicking on “[Add]” next to Vpc and Subnet fields.

That’s it. You have now configured NinesControl to access AWS and will be able to deploy MySQL and MongoDB clusters on AWS.

Google Compute Engine

To generate credentials for Google Compute Engine, you need to follow a couple of simple steps. If you are a project owner, all you need to do is go to the Products & Services menu.

Then, you need to select API Manager from the list.

Go to the “Credentials” section and use the “Create credentials” option. Make sure you use “Service account key”.

When asked, pick JSON as format.

After you click “Create”, you will download a JSON file with credentials.

Now it’s time to add the credentials to your NinesControl account. Log into NinesControl and go to the “Cloud accounts” section.

Pick Google Compute Engine and click in “Add Credentials”. You will be presented with the following screen:

Use your JSON file and upload it to NinesControl. Make sure you click on “Save credentials”.

This should be enough to add GCE credentials into your NinesControl account - it should become available under the “Cloud accounts” section.

Happy Clustering!