3 Installing the EDB Ark Console : 3.1 Installing EDB Ark for Amazon AWS : 3.1.2 Creating the Amazon AWS Service User and Service Role

When configuring the Ark console, you are required to provide the setup dialog with details about the AWS service user and the service role. Specify:
the AWS_ACCESS_KEY_ID associated with the AWS role used for account administration in the AWS Access Key field.
the AWS_SECRET_ACCESS_KEY associated with the AWS role used for account administration in the AWS Secret Key field.
To create the Ark console's service user account, connect to the Amazon AWS management console, and navigate through the IAM menu (Identity and Access Management) to the Users dashboard; select the Add user button to open the Add user dialog (shown in Figure 3.2).
On the Add user dialog:
Check the box to the left of Programmatic access.
Click Next: Permissions to continue. Click the Attach existing policies directly button, and then the Create policy button to open the Create policy dialog in a new tab.
When the Create policy dialog opens, select the JSON tab, and provide the policy definition (see Figure 3.3).
A sample policy definition is available in Section 10.1; after copying in a policy, click the Review policy button to continue.
Return to the Add user tab, and click the Refresh button. Check the box to the left of the new policy, and click Next: Review (see Figure 3.5).
Review the account details, and click the Create user button to create the user (see Figure 3.6). The AWS console will confirm that the user has been added successfully (see Figure 3.7).
Provide the Access key ID in the AWS Access Key field on the Ark console setup dialog.
Use the Show button to display the Secret access key. You must provide the Secret access key in the AWS Secret Key field on the Ark console setup dialog.
After creating the service user, you must create a service role. Connect to the Amazon management console, and navigate through the Identity and Access Management dashboard to the Roles dashboard. Then, click the Create role button to open the Create role dialog (see Figure 3.8).
Select the AWS service button, and the EC2 service type; click Next: Permissions to continue.
When the Attach permissions policies dialog (shown in Figure 3.9) opens, do not select a policy; instead, click Next: Review to continue.
When the Review dialog opens (shown in Figure 3.10), specify a name and description for the new role and click the Create role button. The new role will be displayed in the role list on the Amazon IAM Roles page. Click the role name to display detailed information about the role on the Summary dialog.
The Summary dialog will display a Role ARN, but the ARN will not be enabled until the security policy and trust policy are updated. To modify the inline security policy, click the Add inline policy button; the button is located on the Permissions tab (see Figure 3.11).
Copy the security policy text into the JSON tab on the Create policy dialog (see Figure 3.12). For a security policy that you can use when creating the service role, please see Section 10.3.
After providing security policy information, click Review Policy to provide a name for the policy, and return to the role information page.
Navigate to the Trust relationships tab, and select the Edit Trust Relationship button to display the Policy Document (see Figure 3.13). Replace the displayed content of the policy document with the content of the security policy included in Section 10.2.
Click the Update Trust Policy button to finish.
The Summary dashboard (see Figure 3.14) will display values that you must provide when configuring your Ark console:
The Role ARN associated with the service role must be provided in the Service Account Role ARN field.
The external ID associated with the service role must be provided in the Service Account External ID field. You can find this value under the Conditions section of the Trust Relationships tab.
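The following added example (not part of the EDB Ark documentation) reads a role's trust policy document, returns the external ID that belongs in the Service Account External ID field, and flags an assume-role statement that names an AWS principal without an sts:ExternalId condition. The sample policy, its account ID and its external ID are constructed placeholders; the policy Ark expects is the one in Section 10.2.

```python
import json

# Constructed sample trust policy; the account ID and external ID are placeholders,
# not values from the Ark documentation (its trust policy is in Section 10.2).
SAMPLE_TRUST_POLICY = """
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}}
  }]
}
"""

def _as_list(value):
    """IAM policy fields accept either a single value or a list."""
    return value if isinstance(value, list) else [value]

def review_trust_policy(policy_json):
    """Return (external_ids, findings) for the Allow sts:AssumeRole statements."""
    policy = json.loads(policy_json)
    external_ids, findings = [], []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal", {})
        # Service principals (e.g. the EC2 default) carry no "AWS" entry.
        aws = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        if "*" in aws:
            findings.append(f"statement {i}: any AWS principal may assume the role")
        # Only an exact StringEquals match counts; weaker operators are ignored here.
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        ids = [v for key, val in equals.items()
               if key.lower() == "sts:externalid" for v in _as_list(val)]
        if ids:
            external_ids.extend(ids)
        elif aws:
            findings.append(f"statement {i}: AWS principal without sts:ExternalId")
    return external_ids, findings

if __name__ == "__main__":
    ids, problems = review_trust_policy(SAMPLE_TRUST_POLICY)
    print("external IDs:", ids)
    print("findings:", problems or "none")
```

Paste the Policy Document from the Trust relationships tab in place of the sample to check a real role before entering its values in the Ark console.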
