After deploying the console, you must create an Amazon role with an associated security policy that will be applied to the Ark console user. You can use the same security policy for multiple users, or create additional Amazon roles with custom security policies for additional users. Each time you register a user, you will be prompted for a Role ARN. The Role ARN determines which security policy will be applied to that user.

To define an Amazon role, connect to the Amazon management console, and navigate to the Identity and Access Management dashboard (see Figure 3.24).

Navigate to the Roles dashboard, and click the Create New Role button.

When the Set Role Name dialog opens (shown in Figure 3.25), specify a name for the new role and click Next Step to select a role type.

On the Select Role Type dialog, select the AWS Service Roles radio button (shown in Figure 3.26), and then the Select button to the right of Amazon EC2 to continue to the Attach Policy dialog.

When the Attach Policy dialog (shown in Figure 3.27) opens, do not specify a policy; instead, click Next Step to continue to the Review dialog.

When the Review dialog opens (as shown in Figure 3.28), review the information displayed, and then click Create Role to instruct the AWS management console to create the described role.

The role will be displayed in the role list on the Amazon IAM Roles page (see Figure 3.29). The Summary tab will display a Role ARN, but the ARN will not be enabled until the security policy and trust policy are updated.

After completing the Create Role wizard, you must modify the inline policy and trust relationship (defined by the security policy) to allow Ark to use the role.

Highlight the role name, navigate to the Permissions tab, expand the Inline Policies menu, and select click here to add a new policy (see Figure 3.30).

When the Set Permissions dialog opens, select the Custom Policy radio button, and then click the Select button (see Figure 3.31).

Use the fields on the Set Permissions dialog (Figure 3.32) to define the security policy:
• Provide a name for the security policy in the Policy Name field.
• After providing security policy information, click Apply Policy to return to the Role information page.

Then, select the Edit Trust Relationship button (located in the Trust Relationships section) to display the Policy Document (see Figure 3.33).

Replace the displayed content of the policy document with the content of the file available in Section 10.4, AWS User Trust Policy.

EDB-ARK-SERVICE is a placeholder within the trust policy provided in Section 10.4. You must replace the placeholder with the External ID provided on the Step 2 tab of the Ark console New User Registration dialog.

To retrieve the External ID, open another browser window and navigate to the Log In page of your Ark console. Click the Register button to open the New User Registration dialog (shown in Figure 3.34).

Enter user information in the User Details box located on the Step 1 tab:
• Enter your first and last names in the First Name and Last Name fields.
• Enter a password that will be associated with the user account, and confirm the password in the Password and Verify Password fields.
• Provide an email address in the Email field; please note that the email address is used as the Login identity for the user.
• Use the drop-down listbox in the Cloud Provider field to select the host on which the cloud will reside.
• Enter the name of the company with which you are associated in the Company Name field.

When you've completed Step 1, click Next to open the Step 2 tab.

The Step 2 tab of the New User Registration dialog will display a random External ID number. Copy the External ID from the Step 2 dialog into the trust policy, replacing EDB-ARK-SERVICE. Please note that you must enclose the External ID in double-quotes ("). Click the Update Trust Policy button to save your edits and exit the dialog.

Your Amazon IAM role ARN is displayed on the IAM Roles detail panel of the Amazon management console. Highlight a role name to display the assigned value on the Summary page (as shown in Figure 3.35).

Enter your Amazon IAM role ARN in the Role Arn field on the Step 2 dialog, and click Finish to complete the registration (see Figure 3.36). Select Cancel to exit without completing the registration.

After registering your user identity and connection information, you are ready to log in to the Ark console (shown in Figure 3.37).

Figure 3.37 - The Login/Register dialog.

Provide the email address in the Email field, and the associated password in the Password field, and click Log In to connect to the Ark management console (shown in Figure 3.38).

Figure 3.38 - The Dashboard tab of the Ark management console.
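
A check to run on the edited trust policy before clicking Update Trust Policy, added here as an example that is not part of the original guide or of Ark itself: it flags a document that still contains the EDB-ARK-SERVICE placeholder, an External ID that was not enclosed in double quotes, or an sts:AssumeRole statement with no External ID condition. The sample policy, account ID and External ID values are constructed; the real document is the one in Section 10.4, and its use of a StringEquals condition on sts:ExternalId is an assumption.

```python
import json

PLACEHOLDER = "EDB-ARK-SERVICE"  # placeholder named in the guide

# Constructed sample, NOT the Section 10.4 document; the account ID is a dummy.
TEMPLATE = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": %s}}
  }]
}"""

def _as_list(value):
    return value if isinstance(value, list) else [value]

def check_trust_policy(text):
    """Return a list of problems found in a role trust policy document."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        # An External ID pasted without double quotes usually lands here.
        return ["not valid JSON (is the External ID in double quotes?): " + exc.msg]
    problems = []
    assume = [s for s in _as_list(doc.get("Statement", []))
              if s.get("Effect") == "Allow"
              and "sts:AssumeRole" in _as_list(s.get("Action", []))]
    if not assume:
        problems.append("no Allow statement for sts:AssumeRole")
    for stmt in assume:
        ext = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if ext is None:
            problems.append("sts:AssumeRole is allowed without an sts:ExternalId condition")
        elif not isinstance(ext, str):
            # e.g. an all-digit ID pasted without quotes parses as a number
            problems.append("External ID must be a double-quoted string")
        elif ext == PLACEHOLDER:
            problems.append("External ID is still the placeholder " + PLACEHOLDER)
    return problems

if __name__ == "__main__":
    for value in ('"EDB-ARK-SERVICE"', '12345', 'abc-123', '"constructed-external-id"'):
        print(value, "->", check_trust_policy(TEMPLATE % value) or "ok")
```

An empty result means the document parses and every sts:AssumeRole statement carries a quoted External ID other than the placeholder; it does not confirm that the value matches the one shown on the Step 2 tab.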