Table of Contents Previous Next


3 Installing the EDB Ark Console : 3.1 Installing EDB Ark for Amazon AWS : 3.1.4 Creating an Amazon Role and Registering an Ark Console User

To define an Amazon role, connect to the Amazon management console, and navigate to the Identity and Access Management dashboard (see Figure 3.24).
C:\Users\susan\AppData\Local\Temp\vmware-susan\VMwareDnD\69bef57d\Screen Shot 2017-01-05 at 4.19.11 PM.png
Navigate to the Roles dashboard, and click the Create New Role button.
C:\Users\susan\AppData\Local\Temp\vmware-susan\VMwareDnD\a4c8e106\Screen Shot 2017-01-05 at 4.20.06 PM.png
When the Set Role Name dialog opens (shown in Figure 3.25), specify a name for the new role and click Next Step to select a role type.
C:\Users\susan\AppData\Local\Temp\vmware-susan\VMwareDnD\e93d7cf7\Screen Shot 2017-01-05 at 4.21.31 PM.png
On the Select Role Type dialog, select the AWS Service Roles radio button (shown in Figure 3.26), and then the Select button to the right of Amazon EC2 to continue to the Attach Policy dialog.
C:\Users\susan\AppData\Local\Temp\vmware-susan\VMwareDnD\e9377ce9\Screen Shot 2017-01-05 at 4.22.29 PM.png
When the Attach Policy dialog (shown in Figure 3.27) opens, do not specify a policy; instead, click Next Step to continue to the Review dialog.
C:\Users\susan\AppData\Local\Temp\vmware-susan\VMwareDnD\a4c2e1b8\Screen Shot 2017-01-05 at 4.23.04 PM.png
When the Review dialog opens (as shown in Figure 3.28), review the information displayed, and then click Create Role to instruct the AWS management console to create the described role.
C:\Users\susan\AppData\Local\Temp\vmware-susan\VMwareDnD\a6c0e7b6\Screen Shot 2017-01-05 at 4.24.00 PM.png
The role will be displayed in the role list on the Amazon IAM Roles page (see Figure 3.29). The Summary tab will display a Role ARN, but the ARN will not be enabled until the security policy and trust policy are updated.
After completing the Create Role wizard, you must modify the inline policy and trust relationship (defined by the security policy) to allow Ark to use the role. Highlight the role name, navigate to the Permissions tab, expand the Inline Policies menu, and select click here to add a new policy (see Figure 3.30).
C:\Users\susan\AppData\Local\Temp\vmware-susan\VMwareDnD\e9be7df3\Screen Shot 2017-01-05 at 4.25.34 PM.png
When the Set Permissions dialog opens, select the Custom Policy radio button, and then click the Select button (see Figure 3.31).
C:\Users\susan\AppData\Local\Temp\vmware-susan\VMwareDnD\a4cae180\Screen Shot 2017-01-05 at 4.25.59 PM.png
C:\Users\susan\AppData\Local\Temp\vmware-susan\VMwareDnD\e93f7c50\Screen Shot 2017-01-05 at 4.28.20 PM.png
Use the fields on the Set Permissions dialog (Figure 3.32) to define the security policy:
Copy the security policy text into the Policy Document field. The security policy required by Ark is available in Section 10.3, AWS User Security Policy.
After providing security policy information, click Apply Policy to return to the Role information page. Then, select the Edit Trust Relationship button (located in the Trust Relationships section) to display the Policy Document (see Figure 3.33).
C:\Users\susan\Desktop\2.21.png
Replace the displayed content of the policy document with the content of the file available in Section 10.4, AWS User Trust Policy.
EDB-ARK-SERVICE is a placeholder within the trust policy provided in section 10.4. You must replace the placeholder with the External ID provided on the Step 2 tab of the Ark console New User Registration dialog.
To retrieve the External ID, open another browser window and navigate to the Log In page of your Ark console. Click the Register button to open the New User Registration dialog (shown in Figure 3.34).
Screen shot 2014-05-21 at 5
Enter user information in the User Details box located on the Step 1 tab:
Enter your first and last names in the First Name and Last Name fields.
Provide an email address in the Email field; please note that the email address is used as the Login identity for the user.
Use the drop-down listbox in the Cloud Provider field to select the host on which the cloud will reside.
When you've completed Step 1, click Next to open the Step 2 tab.
The Step 2 tab of the New User Registration dialog will display a random External ID number. Copy the External ID from the Step 2 dialog into the trust policy, replacing EDB-ARK-SERVICE. Please note that you must enclose the External ID in double-quotes ("). Click the Update Trust Policy button to save your edits and exit the dialog.
C:\Users\susan\AppData\Local\Temp\vmware-susan\VMwareDnD\7f17d3a8\Screen Shot 2017-01-11 at 1.36.26 AM.png
Your Amazon IAM role ARN is displayed on the IAM Roles detail panel of the Amazon management console. Highlight a role name to display the assigned value on the Summary page (as shown in Figure 3.35).
Screen shot 2014-07-22 at 3
Enter your Amazon IAM role ARN in the Role Arn field on the Step 2 dialog, and click Finish to complete the registration (see Figure 3.36). Select Cancel to exit without completing the registration.
C:\Users\susan\AppData\Local\Temp\vmware-susan\VMwareDnD\7ab1d4e9\Screen Shot 2017-01-12 at 10.19.20 AM.png
Figure 3.37 - The Login/Register dialog.
Provide the email address in the Email field, and the associated password in the Password field, and click Log In to connect to the Ark management console (shown in Figure 3.38).
C:\Users\susan\Desktop\aws_admin_dashboard.png
Figure 3.38 - The Dashboard tab of the Ark management console.

3 Installing the EDB Ark Console : 3.1 Installing EDB Ark for Amazon AWS : 3.1.4 Creating an Amazon Role and Registering an Ark Console User

Table of Contents Previous Next