If self-registration is enabled, on your first visit to the Ark console, you should create an Amazon role and register an Ark console user.

As part of the registration process for the Ark console, you must create an Amazon IAM role and perform a handshake between the Ark console and the Amazon management console. The handshake associates the external ID provided by the Ark console with the Amazon role, and the Role Arn provided by the Amazon console with the Ark user.

Please note that each time you refresh the Ark New User dialog, the external ID displayed on the registration dialog will change; you must have access to both the Ark console and the Amazon management console while registering an Ark user.

To start the registration process, connect to the Amazon management console, and navigate to the Identity and Access Management dashboard (see Figure 3.3).

Navigate to the Roles dashboard, and click the Create New Role button.

When the Set Role Name dialog opens (shown in Figure 3.4), specify a name for the new role and click Next Step to specify a role type.

On the Select Role Type dialog, select the AWS Service Roles radio button (shown in Figure 3.5), and then the Select button to the right of Amazon EC2 to continue to the Attach Policy dialog.

When the Attach Policy dialog (shown in Figure 3.6) opens, do not specify a policy; instead, click Next Step to continue to the Review dialog.

When the Review dialog opens (as shown in Figure 3.7), review the information displayed, and then click Create Role to instruct the AWS management console to create the described role.

The role will be displayed in the role list on the Amazon IAM Roles page (see Figure 3.8). The Summary tab will display a Role ARN, but the ARN will not be enabled until the security policy and trust policy are updated.

After completing the Create Role wizard, you must modify the inline policy and trust relationship (defined by the security policy) to allow Ark to use the role.

Highlight the role name; then navigate to the Permissions tab and open the Inline Policies menu. Select click here to add a new policy (see Figure 3.9).

When the Set Permissions dialog opens, select the Custom Policy radio button, and then click the Select button (see Figure 3.10).

Use the fields on the Set Permissions dialog (Figure 3.11) to define the security policy:
• Provide a name for the security policy in the Policy Name field.
• After providing security policy information, click Apply Policy to return to the Role information page. Then, select the Edit Trust Relationship button (located in the Trust Relationships section) to display the Policy Document (see Figure 3.12).

Replace the displayed content of the policy document with the content of the file available in Section 15, AWS Resources.

EDB-PPCD-CONSOLE is a placeholder within the trust policy. You must replace the placeholder with the External ID provided on the Step 2 tab of the Ark console New User Registration dialog.

To retrieve the External ID, open another browser window and navigate to the Log In page of your Ark console. Click the Register button to open the New User Registration dialog (shown in Figure 3.13).

Enter user information in the User Details box located on the Step 1 tab:
• Enter your first and last names in the First Name and Last Name fields.
• Enter a password that will be associated with the user account, and confirm the password in the Password and Verify Password fields.
• Provide an email address in the Email field; please note that the email address is used as the Login identity for the user.
• Use the drop-down listbox in the Cloud Provider field to select the host on which the cloud will reside.
• Enter the name of the company with which you are associated in the Company Name field.

When you've completed Step 1, click Next to access the Step 2 tab.

The Step 2 tab of the New User Registration dialog will display a random External ID number. Copy the External ID from the Step 2 dialog into the trust policy, replacing EDB-PPCD-CONSOLE. Please note that you must enclose the External ID in double-quotes ("). Click the Update Trust Policy button to save your edits and exit the dialog.

Your Amazon IAM role ARN is displayed on the IAM Roles detail panel of the Amazon management console. Highlight a role name to display the assigned value on the Summary page (as shown in Figure 3.14).

Enter your Amazon IAM role ARN in the Role Arn field on the Step 2 dialog, and click Finish to complete the registration (see Figure 3.15). Select Cancel to exit without completing the registration.

After completing the registration, you can use the Login/Register dialog (shown in Figure 3.16) to access the Ark console.

Enter the registered email address in the Username field, and the associated password in the Password field, and click Log In to connect to the Ark console.
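
The trust policy edit described above (replacing EDB-PPCD-CONSOLE with the quoted External ID) can be checked before you click Update Trust Policy. The following Python check is an added example, not part of the Ark documentation or product. The sample policy, its principal account ID and the External ID value are constructed for illustration; the real document is the file in Section 15, AWS Resources.

```python
import json

PLACEHOLDER = "EDB-PPCD-CONSOLE"  # placeholder named in the text above

# Constructed sample; the real document is the file in Section 15, AWS Resources.
# The principal account ID is a made-up value.
SAMPLE_TEMPLATE = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "EDB-PPCD-CONSOLE"}}
  }]
}"""

def check_trust_policy(text, external_id):
    """Return a list of problems in an edited trust policy (empty list = OK)."""
    if PLACEHOLDER in text:
        return ["placeholder %s has not been replaced" % PLACEHOLDER]
    try:
        policy = json.loads(text)
    except ValueError as exc:
        return ["not valid JSON, check the double quotes: %s" % exc]
    if not isinstance(policy, dict):
        return ["policy document is not a JSON object"]
    statements = policy.get("Statement", [])
    # IAM also accepts a single statement object instead of a list.
    statements = [statements] if isinstance(statements, dict) else statements
    problems, seen = [], 0
    for stmt in statements:
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in actions:
            continue
        seen += 1
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        value = {k.lower(): v for k, v in equals.items()}.get("sts:externalid")
        if value is None:
            problems.append("AssumeRole is allowed without an sts:ExternalId condition")
        elif not isinstance(value, str):  # pasted as a bare number, no quotes
            problems.append("External ID is not enclosed in double quotes")
        elif value != external_id:  # e.g. the dialog was refreshed after copying
            problems.append("External ID does not match the one shown on Step 2")
    if seen == 0:
        problems.append("no statement allows sts:AssumeRole")
    return problems

if __name__ == "__main__":
    print(check_trust_policy(SAMPLE_TEMPLATE.replace(PLACEHOLDER, "123456789"), "123456789"))
```

Pass the text you are about to save and the External ID currently shown on the Step 2 tab; an empty list means the placeholder is gone and the condition carries that ID as a quoted string.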