By the end of this this tutorial you will have successfully created a new IAM user with the necessary permissions to call an MTurk single purpose API
Before you start, you should have correctly set up the following:
- an MTurk Requester account
- an AWS account
- linked your AWS account to your MTurk Requester account
- installed the AWS Command Line Interface (optional)
You can follow detailed Instructions to set up these prerequisites.
Identity and Access Management (IAM) is an AWS feature that enables you to securely control access to AWS services and resources. You will create an IAM User with permissions to call a single purpose API, and as a prerequisite the permissions to call the MTurk API. Note this User will not have permission to use other AWS resources in your account unless you specify permissions to do so.
On the AWS IAM website, we will create an IAM User on the AWS IAM website, who will have to correct permissions to call any of the single purpose APIs.
Select Users from the IAM service page, then select Add User
Enter “mturk-crowd-caller” for the name and select Programmatic Access. Then select Next: Permissions.
Note: This User name can be customized, but you’ll need to use the same custom name everywhere else we mention “mturk-crowd-caller”
Select Attach existing policies directly, then from the Policy type Filter search for MechanicalTurk:
Select the checkbox for the AmazonMechanicalTurkFullAccess and AmazonMechanicalTurkCrowdFullAccess, then click Next: Review.
Next, select Create User.
Important: Now, you will see your AWS Access Key ID and Secret Access Key. You will need to configure these on your computer so you can call the API. You won’t be able to see the Secret Access Key again, so don’t close this page. If you need to, you can always generate new keys here following these instructions.
Next, you will store these credentials on your computer. Leave this browser window open until we’ve saved AWS Access Key ID and Secret Access Key as described below.
AWS CLI allows you to define a profile that groups a set up configuration values to call an AWS service. We suggest that you set up a profile for the IAM User we just created to call MTurk.
To configure your credentials, first verify the AWS CLI is installed by entering:
$ aws --version
If you do not have the AWS Command Line Interface installed, you can run this command:
$ pip install awscli --upgrade --user
If you get an error, use AWS Command Line Interface (CLI) Installation page to troubleshoot.
Next we will create a new profile for these credentials. Enter the following:
$ aws configure --profile mturk-crowd-caller
When prompted, enter you AWS Access Key ID and AWS Secret Access Key.
If you do not still have the browser window open with your AWS Access Key IT and AWS Secrete Access Key, generate new keys for user mturk-crowd-caller with the following instructions.
Default region name should be “us-east-1”
Default output format should be “json”
$ aws configure --profile mturk-crowd-caller
AWS Access Key ID: AKIAIOSFON7EXAMPLE
AWS Secret Access Key: bPxRfiCYEXAMPLEKEY
Default region name [None]: us-east-1
Default output format [None]: json
If you are on a Mac or Linux computer, this should create a file at:
~/.aws/credential
If you are on a Windows computer, this file should be at:
C:\Users\USERNAME\.aws\credentials
After you run the aws configure
command the file should now have the following:
[mturk-crowd-caller]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
If you decide not to set up the AWS CLI, you will need to add your AWS credentials to your Python file as described in the Boto3 Documentation.
Next, find the instructions to prepay for your MTurk HITs or jump right to calling your single purpose API.
You may also find this list of New single purpose APIs, Common Questions helpful
If you have any questions or feedback, please contact our product team or chat with us in our Slack channel by joining via this link.