

3 Installing the EDB Ark Console : 3.1 Installing EDB Ark for Amazon AWS : 3.1.2 Creating the Amazon AWS Service User and Service Role

When configuring the Ark console, you are required to provide the setup dialog with details about the AWS service user and the service role. Specify:
the Amazon external ID that will be used by the Ark service user (ppcd) in the Service Account External ID field.
the AWS_ACCESS_KEY_ID associated with the AWS role used for account administration in the AWS Access Key field.
the AWS_SECRET_ACCESS_KEY associated with the AWS role used for account administration in the AWS Secret Key field.
To create the Ark console's service user account, connect to the Amazon AWS management console, and navigate to the Users dashboard; select the Add user button to open the Add user dialog (shown in Figure 3.3).
On the Add user dialog:
Check the box to the left of Programmatic access.
Click Next: Permissions to continue.
When the Permissions dialog opens, click the button labeled Attach existing policies directly, then click the Create policy button. When the Create Policy dialog opens, click the Create Policy button.
Click the Select button to the right of Create Your Own Policy to provide a security policy.
On the Review Policy dialog (see Figure 3.5):
Provide the text that defines the policy in the Policy Document field. You can use the policy provided in Section 10.1.
Click Create Policy to continue.
Then, return to the Add user tab, and click the Refresh button above the list of policies (see Figure 3.6). Select the new policy from the list, and click Next: Review.
Review the details about the user account, and click the Create user button to create the user (see Figure 3.7).
The AWS console will confirm that the user has been added successfully. Click Show to display the Secret access key value (see Figure 3.8).
Provide the Access key id in the AWS Access Key field on the Ark console setup dialog.
Provide the Secret access key in the AWS Secret Key field on the Ark console setup dialog.
Navigate to the Roles page, and click the Create New Role button.
Select the AWS Service Roles radio button (shown in Figure 3.10), and then the Select button to the right of Amazon EC2 to continue to the Attach Policy dialog.
When the Attach Policy dialog (shown in Figure 3.11) opens, do not select a policy; instead, click Next Step to continue to the Set role name and review dialog.
When the Create Role dialog opens (shown in Figure 3.12), specify a name for the new role and click the Create Role button.
The role will be displayed in the role list on the Amazon IAM Roles page (see Figure 3.13). You can click the role name to display detailed information about the role. Please note that the Summary tab will display a Role ARN, but the ARN will not be enabled until the security policy and trust policy are updated.
After completing the Create Role wizard, you must modify the inline security policy and trust relationship to allow Ark to use the role. Highlight the role name, navigate to the Permissions tab, expand the Inline Policies menu, and select click here to add a new policy (see Figure 3.14).
When the Set Permissions dialog opens, select the Custom Policy radio button, and then click the Select button (see Figure 3.15).
Use the fields on the Set Permissions dialog (Figure 3.16) to define the security policy:
Copy the security policy text into the Policy Document field. For a sample security policy that you can use when creating the service role, please see Reference – AWS Service Role Security Policy and Trust Relationship.
After providing security policy information, click Apply Policy to return to the Role information page. Then, select the Edit Trust Relationship button (located in the Trust Relationships section) to display the Policy Document (see Figure 3.17).
The Summary dashboard (see Figure 3.18) will display values that you must provide when configuring your Ark console:
The Role ARN associated with the service role must be provided in the Service Account Role ARN field.
The external ID associated with the service role must be provided in the Service Account External ID field. In the example shown, the external ID is EDB-ARK-SERVICE; you can find this value under the Conditions section of the Trust Relationships tab.
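
The trust relationship and external ID described above can be checked offline before the Role ARN and external ID are entered in the Ark console. The following is an added example, not part of the EDB guide and not the reference policy it points to; the sample trust policy, the placeholder account ID 111122223333, the user name ark-service-user and the function audit_trust_policy are assumptions made for illustration.

```python
import json

# Constructed sample trust policy (an assumption, not EDB's reference policy).
# 111122223333 is a placeholder account ID; the external ID is the page's example value.
SAMPLE_TRUST_POLICY = """
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:user/ark-service-user"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "EDB-ARK-SERVICE"}}
  }]
}
"""

def _as_list(value):
    """IAM policy elements may be a single value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_trust_policy(document):
    """Return (external_ids, findings) for a role trust policy given as JSON text."""
    external_ids, findings = set(), []
    for idx, stmt in enumerate(_as_list(json.loads(document).get("Statement"))):
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        if stmt.get("Effect") != "Allow" or not {"sts:assumerole", "sts:*", "*"} & set(actions):
            continue  # only statements that allow assuming the role matter here
        principal = stmt.get("Principal")
        aws = _as_list(principal.get("AWS")) if isinstance(principal, dict) else []
        if principal == "*" or "*" in aws:
            findings.append(f"statement {idx}: wildcard principal")
        if not aws:
            continue  # service principals such as EC2 do not present an external ID
        # Condition key names are case-insensitive in IAM, so compare lowercased.
        equals = (stmt.get("Condition") or {}).get("StringEquals", {})
        ids = [v for k, val in equals.items() if k.lower() == "sts:externalid"
               for v in _as_list(val)]
        if ids:
            external_ids.update(ids)
        else:
            findings.append(f"statement {idx}: AWS principal may assume the role without sts:ExternalId")
    return sorted(external_ids), findings

if __name__ == "__main__":
    print(audit_trust_policy(SAMPLE_TRUST_POLICY))
```

The first element of the result is the value to enter in the Service Account External ID field; any entry in the second element means the trust relationship lets an account principal assume the role without that value.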
