Skip to content
PhoenixVPS Docs

AWS — Key handoff

What you need

Section titled “What you need”
  • The PhoenixVps-Access stack created in AWS — Setup, with its three resources showing Complete. If you have not done that yet, complete the setup guide first.
  • The PhoenixVPS app, open at the Amazon Web Services panel.

Step 1 — Open the Outputs tab

Section titled “Step 1 — Open the Outputs tab”

On the PhoenixVps-Access stack page, find the row of tabs near the top. From left to right they read:

Stack info  ·  Events  ·  Resources  ·  Outputs  ·  Parameters  ·  Template  ·  Changesets  ·  Git sync

Click the Outputs tab (the fourth one).

What you see: A table titled Outputs (1) with one row. Its columns are Key, Value, Description, and Export name:

  • Key: Credential
  • Description: “Copy this single value into the PhoenixVps app once, then close this page. To revoke access, delete this stack.”
  • Value: one long string of letters, numbers, and == on the end. This is your scoped credential.

Step 2 — Copy the credential

Section titled “Step 2 — Copy the credential”

In the Credential row, copy the entire Value. Select the whole string (it ends in ==) and copy it — or use the copy icon that appears when you hover over the value.

Step 3 — Paste it into PhoenixVPS

Section titled “Step 3 — Paste it into PhoenixVPS”

Switch to the PhoenixVPS Amazon Web Services panel. Under Step 2 — Paste the stack Output, click the box labelled “Paste Base64 credential here…” and paste the value you just copied.

Then click Validate & Connect.

What you see: PhoenixVPS checks the credential with a harmless read-only call (usually under five seconds). The Status line near the bottom of the panel updates to confirm the account is connected. You can now close the AWS browser tab.

If you see an error instead, see Troubleshooting.

What happens next

Section titled “What happens next”

PhoenixVPS can now create and tear down a VPN server in your AWS account using the scoped credential — your root and admin keys are never involved. To start a session, return to the main screen and click Connect.

Remember: a running server bills until you tear it down. Use Tear Down VPN Server when you are finished (see the FAQ).

Troubleshooting

Section titled “Troubleshooting”

”Invalid credential”

Section titled “”Invalid credential””

The value was probably truncated when copied. Go back to the Outputs tab, copy the full Value again (it must end in ==), and paste it fresh. Do not type it by hand.

”Permission denied” or the server fails to start after connecting

Section titled “”Permission denied” or the server fails to start after connecting”

The credential is valid but could not create the server. Check that the PhoenixVps-Access stack finished with all three resources Complete, and that your account has capacity in the chosen region (an instance quota limit is the usual cause).

Revoking access

Section titled “Revoking access”

To remove PhoenixVPS’s access to your AWS account:

  1. In PhoenixVPS, click Disconnect / Revoke to delete the locally stored credential.
  2. To fully revoke it in AWS, click Open Delete-Stack Page in the app (or go to the CloudFormation console yourself), then delete the PhoenixVps-Access stack. Deleting the stack removes the phoenixvps-provisioner user and its access key.

After the stack is deleted, the credential is dead — PhoenixVPS can no longer create or manage anything in your account.