


After creating the service user, you must create a service role. Connect to the Amazon management console, and navigate through the Identity and Access Management dashboard to the Roles dashboard. Then, click the Create role button to open the Create role dialog (see Figure 3.8).
Select the AWS service button, and the EC2 service type; click Next: Permissions to continue.
When the Attach permissions policies dialog (shown in Figure 3.9) opens, do not select a policy; instead, click Next: Tags, then Next: Review to continue.
When the Review dialog opens (shown in Figure 3.10), specify a name and description for the new role and click the Create role button. The new role will be displayed in the role list on the Amazon IAM Roles page. Click the role name to display detailed information about the role on the Summary dialog.
The Summary dialog will display a Role ARN, but the ARN will not be enabled until the security policy and trust policy are updated. To modify the inline security policy, click the Add inline policy button; the button is located on the Permissions tab (see Figure 3.11).
Copy the security policy text into the JSON tab on the Create policy dialog (see Figure 3.12). For a security policy that you can use when creating the service role, please see Section 10.3.
After providing security policy information, click Review Policy to provide a name for the policy, and return to the role information page.
Navigate to the Trust relationships tab, and select the Edit Trust Relationship button to display the Policy Document (see Figure 3.13). Replace the displayed content of the policy document with the content of the security policy included in 0.
Click the Update Trust Policy button to finish.
The Summary dashboard (see Figure 3.14) will display values that you must provide when configuring your Ark console:
The Role ARN associated with the service role must be provided in the Service Account Role ARN field.
The external ID associated with the service role must be provided in the Service Account External ID field. You can find this value under the Conditions section of the Trust Relationships tab.
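The external ID in the last step comes from the Condition block of the role's trust policy. The following Python check is an added example, not part of the Ark documentation: it reads a trust policy document as shown on the Trust relationships tab, returns the sts:ExternalId value(s), and flags any statement that lets an AWS principal assume the role without one. The sample policy, account ID and external ID are constructed placeholders, and the function names are hypothetical.

```python
import json

# Constructed sample, not the trust policy from this guide; the account ID
# and external ID are placeholders.
SAMPLE_TRUST_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}}
  }]
}"""


def as_list(value):
    """IAM allows a single value or a list in most positions."""
    return value if isinstance(value, list) else [value]


def check_trust_policy(policy_json):
    """Return (external_ids, findings) for statements that let an AWS principal assume the role."""
    ids, findings = [], []
    statements = as_list(json.loads(policy_json).get("Statement", []))
    for n, stmt in enumerate(statements):
        actions = {a.lower() for a in as_list(stmt.get("Action", []))}
        principal = stmt.get("Principal")
        aws_principal = principal == "*" or (isinstance(principal, dict) and "AWS" in principal)
        # Service principals (for example EC2) do not use an external ID; skip them.
        if stmt.get("Effect") != "Allow" or not aws_principal:
            continue
        if not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        found = []
        for operator, keys in stmt.get("Condition", {}).items():
            for key, value in keys.items():
                if key.lower() != "sts:externalid":
                    continue
                if operator != "StringEquals":
                    findings.append(f"statement {n}: sts:ExternalId uses {operator}, not StringEquals")
                found.extend(as_list(value))
        if not found:
            findings.append(f"statement {n}: AWS principal can assume the role without sts:ExternalId")
        ids.extend(found)
    return ids, findings


if __name__ == "__main__":
    print(check_trust_policy(SAMPLE_TRUST_POLICY))
```

An empty findings list with exactly one external ID is the expected result for a role configured as described above; that ID is the value to enter in the Service Account External ID field.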

